New IT Privacy Laws

New EU rules governing the use of cookies entered UK law in May last year, but the Information Commissioner's Office (which is charged with enforcement) gave industry one year to comply. That period of "grace" expires in May, meaning that all companies need to ensure that their websites are operating within the law.

For years there has been a legitimate concern over the use and exchange of personal information (e.g. name, address, age), which heralded the introduction of the Data Protection Act (1998). More recently, concern has grown over a rather different form of personal information that can best be described as ‘behavioural data’. This information can be derived even if the website doesn’t know exactly who you are. This is done by assigning you a unique ID that is stored as a cookie in your web browser.

Cookies are used extensively – almost all websites use them to track anonymous users (i.e. people who have not registered or logged in). It is helpful for sites to know how many people are visiting their site and how they navigate around it. However, this new legislation states that from May 2012, websites must gain explicit consent from the user before any cookie is set. The user must also be given the ability to opt out of having cookies stored on their computer.

The web development community is against this new legislation: while there is a legitimate concern over ‘third-party’ cookies, the law has been written in such a way that it covers the use of all cookies. However, the directive is now part of UK law and therefore compliance is compulsory.

For more information on how these changes may affect you, speak to your website hosting provider or contact Justin Selig.