U.K. Delays E.U. Cookie Law Enforcement
Regulators won't require consent for cookie placement until May 2012.
Regulators won't require consent for cookie placement until May 2012.
Websites aimed at U.K. users have been given a year to comply with new E.U. privacy law, which requires users’ consent for the placement of cookies on their machines.
Member states must implement the new rules through the introduction or application of local laws by today at the latest, following a 2009 amendment to a European privacy directive. But the Information Commissioner’s Office (ICO) today announced it will give companies 12 months to “get their house in order” before it begins enforcing the rules. The ICO is the government body responsible for enforcing privacy legislation in the U.K.
Technically that could put the U.K. in breach of E.U. law, and may expose it to action from the European Commission. Speaking with ClickZ today, Jonathan Todd – a spokesman for the Commission’s VP, Neelie Kroes – said the body intends to contact U.K. regulators to “establish precisely what it is they’re intending to do.”
Christopher Graham, the U.K. Information Commissioner, told an audience of advertisers that companies must at least begin to implement the new requirements, despite the fact they won’t be enforced until May next year. “This does not let everyone off the hook,” he said in a speech today before the Incorporated Society of British Advertisers. “Those who choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules.”
Graham added, “Browser settings giving individuals more control over cookies will be an important contributor to a solution” for many businesses, but “the necessary changes to the technology aren’t there yet.”
The amended directive has <a href=”http://www.clickz.com/clickz/news/2073597/cookie-law-creates-confusion-eu”>caused confusion</a> among E.U. member states, many of which appear unsure of how to best implement it without disrupting consumers’ internet experience as well as the businesses that rely on cookie technology to help generate revenue online.
Local regulators are required to notify the Commission of their compliance with the directive, but so far only Lithuania, Estonia, Denmark and the U.K. have done so, though Denmark and the U.K. have only issued “partial notifications,” Todd said. The Commission will now contact those parties to establish exactly which parts of the directive have and haven’t been implemented.
“The fact that numerous states haven’t transposed the directive in time shows that people are having difficulty understanding it. It’s badly written,” Kimon Zorbas, president of pan-European online advertising trade body IAB Europe, told ClickZ yesterday.