New EU cookies law makes clear that users must give permission for cookies to be stored on their computers

Website owners given a year to comply with new cookies law

Websites aimed at UK consumers have just 12 months to 'get their house in order' before the new EU cookies law is enforced.

The government has revised the Privacy and Electronic Communications Regulations which make it clear that UK businesses and organisations running websites in the UK must get consent from visitors to their websites in order to store cookies on users’ computers.

Information Commissioner Christopher Graham admitted the rules were “challenging” but stressed that the law had been brought in “to give consumers more choice about what companies know about them”.

“Browser settings giving individuals more control over cookies will be an important contributor to a solution,” he said.

“The government has said they don’t expect the ICO to enforce this new rule straight away, so we’re giving businesses and organisations up to one year to get their house in order.” 

A cookie, a common technique of storing information, is a small file that a website puts on a user’s computer so that it can remember something, for example the user’s preferences, at a later time. 

Many businesses find cookies useful for a variety of reasons, from analysing consumer browsing habits to remembering a user’s payment details when buying products online.

The Information Commissioner's Office (ICO), which will regulate the new rules coming into force in the UK this week, has published enforcement guidance on its website, as well as guidance on other new powers coming into force as part of the revised regulations.

This includes:

- Guidance on how the ICO will enforce the new rules on cookies

- Information for consumers on what the new rules will mean for them and how to complain to us

- Information on what the ICO itself is doing to comply with the new rules in respect of its own website;

“Retailers recognise the challenge of legislating in the changing online environment,” said Stephen Robertson, director general of the British Retail Consortium (BRC).

“This is why the BRC has worked closely with the ICO to help ensure a balanced approach to regulation that helps UK business maintain its position as world leader in e-commerce while also providing clarity on important consumer rights.”

The regulations have also granted new powers to the ICO, including the power to impose financial penalties on telecoms and internet companies who fail to notify them of data breaches, and stronger powers to investigate the businesses behind nuisance marketing calls and spam texts.

“Tackling the businesses that make money from this is a challenge, but these new powers will give us access to more of the information we need to do the job,” Graham added.

Further reading:

Find out more about the Information Commissioner's Office's new rules on Privacy and Electronic Communications

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them