The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 will be enforced by the Information Commissioner’s Office from 26 May 2012. The Regulations require website operators to obtain consent of their users when placing cookies or locally stored objects (such as flash cookies) on those users’ devices (such as a computer or mobile phone). Until the Regulations came into law in May 2011, the law had only required users to be given a statement describing the cookies, their use and how to disable them.
It will no longer be enough to obtain consent automatically on a general basis through a user’s browser; other steps will be needed. This has led to concerns as to how it will affect the user-friendliness of sites. But the law is clear – consent is needed. How to show consent is not clearly set out in the new law. The Information Commissioner’s Office has provided some guidance with suggestions. The type of consent the user must give will vary according to what the cookie contains, at what point in the process it is placed and also according to what the user may already have agreed to. See the guidance here. However, despite the guidance being updated in late 2011, it does not give totally definitive answers.
We have already been advising clients on how to comply with this new law and have come up with some practical suggestions of our own. If you would like to obtain our advice, please contact us on mark.weston@mablaw.com or paul.gershlick@mablaw.com.