95% of firms not ready for cookie laws

The vast majority of new websites don’t comply with new cookie consent laws, according to a study from KPMG.

The new law requires sites to ask for consent before dropping cookies onto users’ computers. While the EU Directive technically came into force last year, it isn’t being enforced in the UK until 26 May – but it appears few sites are ready for the change.

KPMG audited 55 “major” websites, finding only one that specifically asks for user consent and two that said they were being updated to meet the rules by the deadline.

“Whilst the majority of websites we analysed made a reference to the use of cookies under either the terms and conditions or specific privacy policies, and some also state how the cookies are being used, this is not enough to ensure compliance with the directive,” said Stephen Bonner, a partner in the information protection and business resilience team at KPMG.

“Organisations now need to focus their efforts on establishing an inventory of their websites and the cookies currently in use, before evaluating their purpose, and establish a pragmatic plan to ensure compliance,” he added.

With more than a month to go before the rules come into force, it’s no surprise many sites don’t yet offer full compliance – especially as the Information Commissioner’s Office (ICO) has no plans for immediate fines.

While those organisations that don’t meet the deadline can technically face a £500,000 fine, Comissioner Christopher Graham has said the ICO won’t take action against those that are working towards meeting the law.

“When our 12-month grace period ends, there won’t be a wave of formal enforcement actions taken against those who aren’t yet compliant, but are trying to get there,” Graham said last year.