// News

The EU Cookie Law – 95% of Businesses Not Ready!

With just a little over a month to go before the new EU cookie law comes into force, a recent survey has found that 95% of dominant United Kingdom corporations still do not conform to the rulings.

As from May 26th 2012, the European Union’s Privacy and Communications Directive will mean that websites have to seek permission from their visitors before they can drop a cookie onto their computer’s hard drive.

Despite the impending deadline, when KPMG scrutinised the websites of 55 UK corporations, many of whom are FTSE 100 businesses, they found that most were still to implement the required changes, meaning that they run the risk of receiving a heavy fine that could be as much as £500,000. It was also disclosed by the IT manager’s association Socttm that public sector bodies and councils would also find it incredibly difficult to comply with the rulings.

KPMG found that, out of all the websites that were analysed, only one site gave its users the choice to opt out of having a cookie dropped on their hard drive. Two websites indicated that they were in the process of modifying their cookie policy to comply with the legislation, whilst two of the other sites did not use any cookies at all. KPMG carried out the survey in March 2012.

Stephen Bonner, a partner in the Information Protection and Business Resilience business team at KPMG, told Computer World UK: “With less than 50 days to go before enforcement, our analysis has found that the majority of UK organisations still need to complete substantial work to their websites.

“Whilst the majority of the websites we analysed made a reference to the use of cookies under either the terms and conditions or specific privacy policies, and some also state how the cookies are being used, this is not enough to ensure compliance with the directive.”

He continued: “Organisations now need to focus their efforts on establishing an inventory of their websites and the cookies currently in use, before evaluating their purpose and establish a pragmatic plan to ensure compliance.”

KPMG has encouraged organisations to make a start by implementing requests for consent that are related to registration, log-in and other comparable processes.

The Information Commissioner’s Office (ICO) has said that it is ‘vital’ that corporations start to make changes to abide by the legislation, and have recommended new guidance by the International Chamber of Commerce UK.

“The results of this survey show that many websites still have work to do,” an ICO spokesperson said.

“Last week the ICO welcomed the UK guidance launched by the International Chamber of Commerce. We recognise that this guidance provides organisations with a good starting point from which they can work towards full compliance.

“We are also receiving positive feedback from websites who are already implementing new and innovative approaches aimed at making their websites compliant with the changes. We will be updating our own cookies guidance to ensure that best practice advice is shared across the industry.”

As well as established businesses, the legislation will affect anybody who has an affiliate website, displays Adsense adverts or runs third party analytics on their site to track user behaviour and visitor statistics such as Google Analytics. It is yet to be seen what the full impact of the legislation will be, but the digital team at HROC will be keeping an eye on developments and will update the blog with any further news regarding the EU ruling.