From later this month, UK-based organisations running websites in the UK will have to get 'informed consent' from visitors to their websites before storing and retrieving information on users’ computers. Cookies are a common method of storing this information.
The requirement is due to an amendment to the EU’s Privacy and Electronic Communications Directive, and firms face fines of up to £500,000 if they break the EU law.
The ICO’s guide encourages organisations to check what type of cookies, and similar technologies, they use, assess how intrusive the technology is, and decide how best to obtain consent.
Information Commissioner Christopher Graham said: “We’ve already consulted a wide range of stakeholders, but we want to spread the net as wide as we can and would welcome further comments from others who have practical examples to share. This advice is very much work in progress and doesn’t yet provide all of the answers.
“We’re responsible for regulating the new law and will undoubtedly start to receive complaints about companies who are using cookies without consent. We’d urge all UK businesses and organisations to read our advice and start working out how they will meet the requirements of this new law.”
The amendments to the regulation come into effect on 26 May 2011. In addition to the cookies law, they grant the ICO a number of new powers, including allowing the information watchdog to serve monetary penalties of up to £500,000 to organisations that make unwanted marketing phone calls.
The ICO already has the power to fine firms up to £500,000 for serious personal data breaches.