Out-Law News 2 min. read
15 Dec 2011, 9:50 am
It has published a number of examples of how publishers might get consent in a way that could meet the new legal obligations.
The ICO has given a 12 month 'grace period' to allow publishers to change their sites so that they only use cookies when they have explicit permission from users. Cookies are small files stored in web browsers that store users' preferences and sometimes track their online activity.
"Our mid-term report can be summed up by the schoolteacher’s favourite clichés 'could do better' and 'must try harder'," said Information Commissioner Christopher Graham. "Many people running websites will still be thinking that implementing the law is an impossible task. But they now need to get to work."
The ICO's view is not based on research about how many organisations have made changes to their sites, a spokeswoman said, but on "our feeling that some website owners are not putting the effort in and are expecting us to come up with solutions for them".
"Over the last few months we’ve been speaking to and working with businesses and organisations that are getting on with it and setting the standard. My message to others is – if they can do it, why can’t you?" said Graham.
“Some people seem to want us to issue prescriptive check lists detailing exactly what they need to do to comply," he said. "But this would only get in the way and would be too restrictive for many businesses and organisations. Those actually running websites are far better placed to know what will work for them and their customers.”
The ICO has published updated guidance (27-page / 341KB PDF) on how organisations can comply with the rules.
This guidance includes for the first time some samples of how web pages might look with systems that the ICO says could meet the requirements of the law.
One technology law expert said that these go someway towards meeting the demands of critics who had said that the ICO was not being proactive enough about telling businesses how to get on the right side of the law.
"For the first time since the law changed in May the ICO has provided concrete guidance and examples of how sites might look that businesses will be able to use to make sure they are compliant," said Claire McCracken, a technology law expert at Pinsent Masons, the law firm behind Out-Law.com. "This should make it easier for them to plan ahead to make sure they are compliant, or at least well on their way to being so, by the May 2012 deadline."
The new laws are the result of changes to EU law which demand that publishers gathering information on users' interactions with their site via cookies must have their explicit permission. Publishers had argued that the settings in a user's browser – which can be set to reject or control cookies – should be taken as permission, but the ICO, other regulators and the Government have said that this cannot be the case.
The Government told Out-Law earlier this year that it was working with browser manufacturers to see if a 'technical solution' along these lines might be possible.