EU Cookie Legislation

On May 26th 2011 the The Privacy and Electronic Communications (EC Directive) Regulations 2003 came into force and, acknowledging the complexity of falling into line, UK websites have one year to comply. The 2003 Regulations implemented a European Directive, which is concerned with the protection of privacy in the electronic communications sector. In 2009 this Directive was amended to include a change to Article 5(3) of the requiring consent for storage or access to information stored on a subscriber or users terminal equipment.

In a timely posting Brian Kelly reminds readers that some sort of action IS necessary and that we are past the half-time mark in moving towards compliance. In the UK the Information Commissioner's Office (ICO) has produced guidelines offering a "pragmatic" approach to compliance, the bottom line being that if websites do not comply there should be clear evidence of a strategy:

"to be able to demonstrate they have taken sensible, measured action to move to compliance. If a website has not achieved full compliance at the end of the period the Information Commissioner will expect a specific and clear explanation of why it was not possible to comply in time, a clear timescale for when compliance will be achieved and details of specifically what work is being done to make that happen."

UKeiG is in the process of upgrading its website - the second phase of our upgrade, which should be compete by January - and when that is complete will be in a position to address the use of cookies.

Meanwhile, we can point readers to three useful sources of information:

1. JISClegal's guidance offers a short summary.

2. Brian Kelly's recent postingonhis blog, The Half Term Report on Cookie Compliance

3. The ICO Guidance