From tomorrow (26 May 2012) the Information Commissioner’s Office will enforce the law requiring all websites to inform users and obtain consent of cookies being placed on devices.

The Privacy and Electronic Communications Directive was introduced by the UK government on 26 May 2011, with organisations being given a one-year grace period before any enforcement of the law would begin. The ICO could now impose fines of up to £500,000 in the most serious cases, but will first issue organisations with warnings. 

The sort of solutions organisations chose to implement depends on the type of cookies it uses and the complexity of the website.

Charities such as the Great Ormond Street Hospital, have now posted a banner to tell users there are cookies on the site directing them to a link to disable them.

Other organisations, however, are waiting to see how others implement changes and for further guidance from the ICO. Barnardo’s told civilsociety.co.uk that this is what it is doing.  Bob Darby, director of information services at the charity, said:

“Our approach is based on a detailed risk assessment that takes into account all factors including the loss of income that would result from pursuing full compliance."

He added that the charity was keeping the issue “under review” and would make necessary changes if internet browsers were upgraded to include consent functionality or if an industry standard emerges.

According to a recent survey of 2,000 people by the Internet Advisory Bureau UK, 90 per cent of the public want control of their privacy. However, only 37 per cent understood what cookies where, with 36 per cent being unaware of them and 28 per cent misunderstanding them.

The ICO has also today published guidance for the public, explaining what cookies are and how they can delete them as well as a link that people can use to report websites not complying with the law.

Concerns about the impact of the changes

Charities have raised concerns about the potential impact after the changes to websites have been implemented.

Action Aid UK is currently deciding how it will comply with the legislation and a spokeswoman told civilsociety.co.uk that: “We are obviously concerned about the impact this is going to have on the use of non-intrusive analytics (the standard use of Google analytics for example) and the user experience.”

She added: “We would be very worried if we were forced to request consent for all types of cookie because of the impact this will have on our fundraising and campaigning.”

Under the legislation, websites that use cookies that are live for just one session, need not receive consent.

The RNIB has raised concerns that the implementation of solutions may make websites inaccessible to the blind and partially sited people.

Kelly Harrison, web and digital development manager at RNIB said: “If not implemented correctly, this law could make the internet a more difficult place for blind and partially sighted people to get around. Organisations may be able to comply with this law, but find themselves breaking the Equality Act."

The ICO warns that all organisations with a website "must be on the path to compliance". Dave Evans, from the ICO said: "This means that UK websites must provide visitors with sufficient information to make a decision on whether they are happy for a cookie to be placed on their device and obtain consent before placing a cookie.”