At the end of May this year the European Union, via DIRECTIVE 2009/136/EC, brings into European law that users have to give their explicit consent to websites using tracking cookies.
"Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities."
So what does this actually mean for you and your users? Unfortunately, currently the answer is still not entirely clear.
The reason for this uncertainty is that there is considerable confusion about the directives implementation into UK law, with the Government lagging behind in their implementation preparations. The Department for Culture, Media and Sport are responsible for working on the regulations and how to implement the directive, whilst the Information Commissioner’s Office (ICO) is responsible for the enforcement.
Recently a spokesman for the Governments Department for Culture, Media and Sport said that the Government were advising the ICO not to take enforcement action against companies due to delays in what they called 'technical solutions', but critically added that as long as organisations were working towards compliance they should not be punished.
Many companies are not even aware of the cookies that their sites create. So the first step is to speak to your website development agency or IT department and make sure you understand exactly what cookies your site(s) create and use. Then, it is our understanding, that you need to start planning towards compliance, as it appears that lack of action due to confusion is not going to be acceptable defence!