Businesses warned about the use of 'cookies' on websites following EU move

21 June 2011

The Forum of Private Business (FPB) is warning its members that their websites could fall foul of new EU rules governing the use of ‘cookies’ - the code that is installed on a user's computer allowing a site to remember and recognise visitors. Currently, many websites use cookies to help users navigate pages efficiently, performing tasks such as remembering log-in details, browsing history and ordering information.

Phil Orford

Analytics software that monitors website usage, along with third party advertising such as Google's AdSense, also generally functions using cookies.

Recent updates to the EU’s Privacy and Electronic Communications Regulations, however, mean that it is now technically illegal for UK websites to do this without first seeking the user’s consent. Companies found to have fallen foul of the new law, which was introduced back at the end of May, face a fine of up to £500,000.

Fortunately, there is some respite. The body tasked with policing the regulations - the Information Commissioners' Office (ICO) – has said that, if it receives a complaint about a website using cookies without first gaining consent, it will give the site’s owner “up to 12 months” to make alterations before prosecuting.

But FPB chief executive, Phil Orford (pictured) is advising his members and businesses in general to err on the side of caution and make any necessary changes to their websites as soon as possible in order to avoid potential problems.

“Previously, the rules surrounding the use of cookies meant that you were obliged to explain somewhere on your website how you used them and how visitors could stop your site from doing so," he says.

“Now, you won't be able to put cookies on people's computers without them consciously giving their consent for you to do so, even if it means your website might not work properly as a result. A business with a simple, non-interactive, two or three-page site shouldn’t be affected but if your website has a shopping basket function, remembers when a user has logged in, carries third party advertising or uses an analytics package, it is likely that it uses cookies to do so."

There is a considerable degree of ambiguity surrounding how the rules will work in practice and the government is currently discussing the legislation with the browser providers. Websites might soon be able to rely on the user's browser settings to indicate consent, but this is not possible at present.

The ICO suggests a three-pronged approach: check what type of cookies you use – if any; assess how intrusive they are, and decide how best to obtain consent from users. This could include a pop-up message, offering an opt-in option when someone signs up for your service, or letting them make choices about how they use your site.