RSPB and the National Trust have been contacted by the Information Commissioner’s Office asking them how they have adapted their websites to comply with the new cookie laws.
The two charities were among 75 organisations that the ICO wrote to last week, shortly after the 26 May deadline for compliance with the new regulation came into force.
In the letter to the organisations the ICO states that its aim is to, “gather information to assist the commissioner in understanding how organisations are working towards or have achieved compliance with the revised rules for cookies”.
Ahead of the deadline Diane Gore, RSPB supporter relations told civilsociety.co.uk that: “'We have had regular briefings from the ICO, also other relevant authorities and we are following the practice that they recommend. One element of that recommendation is to review good practice elsewhere, giving charities the opportunity to take into account the measures adopted by the commercial sector, which has far greater resources available.”
A range of organisations were contacted by the ICO, based on popularity with the general public, giving them 28 days to inform the Commissioner of their progress. Other organisations on the list include the Cabinet Office, BBC, Facebook, Lloyds TSB, Met Office and Weightwatchers.
The ICO said it expects that organisations are now compliant with the law, but if they are not should explain why not and provide a time-scale for compliance. Organisations that are not compliant face a fine of up to £500,000.
On 28 and 29 May KPMG carried out an analysis of 55 UK websites and concluded that 80 per cent were not compliant with the letter of the law, but that 40 per cent had updated their privacy policies to provide more details. In April it carried out a similar analysis which found that 95 per cent were not compliant.
Stephen Bonner, partner in the information protection and business resilience team at KPMG said that although there was progress, “what we have also seen is a great deal of confusion around what is actually required to comply with the law. Therefore, many organisations take a wait-and-see approach at this stage. Some also seem to assume that the measures they have taken so far are sufficient – but they are not.”
Last month charities expressed concerns about the impact of the new regulations, which require websites to get consent from users before placing a cookie on their device.
The Privacy and Electronic Communications Directive which, among other stipulations, requires organisations to allow users to opt-out of cookie-use on a website was introduced by the UK government on 26 May 2011, with organisations being given a one-year grace period before any enforcement of the law would begin. The ICO has also launched an online tool for the public to report websites.