ICO: websites must “try harder” to meet cookie laws
The ICO has called for websites to “try harder” to meet looming EU cookie regulations – but still has no plans to start doling out fines.
Earlier this year, EU laws came into force in the UK, requiring websites to ask for consent before dropping unnecessary cookies onto users’ computers.
The ICO made it clear it won’t take any action regarding the rules for the first year until 26 May.
Indeed, the Information Commissioner has now said websites need not fear fines or other penalties come the end of May, so long as they’ve started trying to meet the regulations.
“We’re half way through the lead-in to formal enforcement of the rules,” Christopher Graham said. “But, come 26 May next year, when our 12 month grace period ends, there will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there.”
There will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there
Generally speaking, the ICO investigates companies following a formal complaint, so sites will need to be reported to the watchdog before any action is taken. The first tier of action is usually an “undertaking”, in which the ICO tells the company in question what it needs to do to meet the rules it’s breaking.
Perhaps unsurprisingly given the lack of penalty, the ICO said sites so far aren’t doing enough.
“Our mid-term report can be summed up by the schoolteacher’s favourite clichés ‘could do better’ and ‘must try harder’,” he noted. “Many people running websites will still be thinking that implementing the law is an impossible task. But they now need to get to work.”
The ICO admitted some people think the law is impractical and are hoping it will be overturned, but said: “This isn’t going away. It’s the law.”
What to do
However, Graham said his organisation would not issue “prescriptive check lists” telling sites exactly what to do: “Those actually running websites are far better placed to know what will work for them and their customers.”
The ICO did give some suggestions on how to meet the rules, saying sites could use pop-ups, banners, or their terms and conditions to ask users for cookie consent.
While some browser companies are working on cookie management systems, the ICO warned websites not to depend on such technologies, as they aren’t available yet and may not go far enough to meet the law.