By May 2012, the UK Information Commissioner’s Office (ICO) expects businesses and organisations to:
- provide clear information about the way in which cookies are operating on websites; and
A failure to comply with the above runs the risk of a fine of up to 500,000 GBP.
In addition the European Commission has set a deadline of June 2012 for European companies to create a uniform way for users to opt-out of accepting cookies. If companies do not standardise their opt-outs, it has warned that action will be taken.
The ICO has published guidelines on its website. Nevertheless, in each individual case the specific action required and the information to be given to users will depend upon the precise purpose of the cookie(s). For example using browser settings to obtain consent may be acceptable and the Government is currently working with Adobe, Apple, Google, Microsoft, Mozilla and Yahoo to create such a technological solution. However, it is not clear whether or not this will suffice to meet European data protections requirements.
It is also unclear whether companies based outside of the UK e.g. in the USA have to comply with the new rules, particularly if they have a website aimed at UK users.