Small businesses are being warned that their websites could fall foul of new EU rules governing the use of ‘cookies’ unless urgent alterations are made.
Cookies work by installing a small piece of code on to a site user’s computer and this code allows the site to remember and recognise visitors. However, recent updates to the EU’s Privacy and Electronic Communications Regulations mean that it is now technically illegal for UK websites to do this without first seeking the user’s consent.
Companies which are found to have fallen foul of the new law, introduced in May, face a fine of up to £500,000. As a result, the Forum of Private Business is urging business owners to make sure their websites comply.
Thankfully, the body tasked with policing the regulations - the Information Commissioners' Office (ICO) – has said that if it receives a complaint about a website using cookies without first gaining consent is will give the site’s owner ‘up to 12 months’ to make alterations before prosecuting.
What a company will need to do to comply with the new legislation will depend entirely on their website. There is also still a considerable degree of ambiguity surrounding how the rules will work in practice and the government is still discussing the legislation with browser manufacturers – websites may soon be able to rely on the user's browser settings to indicate consent, but this is not currently possible.
However, the ICO has put online its own guidance on the issue. It suggests a three-stage approach:
1 - Check what type of cookies you use, if any.
2 - Assess how intrusive they are.
3 - Decide how to best obtain consent from users. This could include a pop-up message offering an opt-in option when someone signs up for your service, or letting them make choices about how they use your site. Small businesses may have to ask their web designers or developers for information and input on this.
UK-based websites will no longer be allowed to download cookies without the site user's consent.