The law relates to the placement of cookies on all devices including mobile. The fines for breaching the the law can be anything up to a maximum of £500,000 in the worst case scenario.
The new law, comprising an amendment to the EC's Privacy and Electronic Communications Directive
, actually came into effect on 26th May 2011 but the ICO gave businesses 12 months grace to comply and alter their processes in line with the law. However, a study conducted by KPMG last month concluded that 95% of UK business had yet to fall in line.
I believe it was hoped that in that 12 month window, industry would respond to the new law with technological solutions to deliver, for example, a browser based solution/plug-in allowing users to opt-in or out of a sites cookie usage. But as far as I can see, no industry quick-fix solution or best practice has emerged and the examples of how companies have tackled the problem are very light indeed. The ICO itself has crudely made sure its site is compliant already by adding an alert banner to the top of its site
stating "The ICO would like to place cookies on your computer to help us make this website better" and then a check box for the user to acknowledge they have read and understood their privacy notice.
It has been made clear that the ICO will be investigating all UK websites that fail to comply, especially if a complaint is made
using their online complaint form, against your company for using cookies incorrectly.
We highly recommend you read the advice
published by the ICO on their website and use it to help you correctly audit your site and understand exactly what and how many cookies your systems are placing on peoples computers enabling you to make an informed decision about the correct compliance solution for your business. You are probably using cookies if your site displays adverts of any kind, banners, google text ads, Message Plus Units etc. If you are using Google Analytics, you are probably going to need compliance too!
Whilst researching the cookie law I came across The Cookie Collective
who have a free to use Google Chrome plug-in called Optanon Audit
, that you can use to Audit yourself and see how many cookies you are using. (I haven't registered for or tested the plugin yet, so can't review or comment on it)
Hopefully after using a tool like this, you will then be better informed of what your website does actually pass to your users computers and devices and be able to plan for compliance.
For an annual fee of £295+VAT you could use The Cookie Collectives' fully managed software service OPTANON
, which is a combination of the audit tool and an advanced compliance management service that they state as making your website cookie legal! It does this by creating a customised opt-in overlay for your website that 'should' cover you under the new EU cookie law.
But for now, the ICO have said they would be happy for businesses to at least of conducted an audit of their site and be in the process of constructing a plan for compliance. So as long as you and I are seen to be making positive advances we'll be OK, for now!
If you come across any clever solutions to this legislation, let us all know by leaving a comment below.