Companies and individuals who use cookies without asking first could be fined up to £500,000 under a new law.
Cookies are information files stored on the computer of a person visiting a website, and can be used to identify repeat visitors. Previously, operators of websites using cookies were required to tell browsers how the cookie was being used and how they could opt-out if they objected. However, recent changes to the Privacy and Electronic Communications Regulations 2003 mean cookies can only be placed on machines where the user has given consent. An exception may be made where the cookie is “strictly necessary” for a service requested by the user.
The Information Commissioner’s Office (ICO), which has issued guidance on the change, has powers to issue fines of up to £500,000 for breaches of the new law.
Tom Morrison, partner at Rollits, says: “The law has now changed and the ICO will undoubtedly start receiving complaints about websites straight away.
“It is not in a position to simply ignore those complaints. While it has been widely publicised that the ICO will not will be issuing fines specifically for cookie breaches until May 2012, it has been less widely reported that there is an enforcement mechanism in place effective immediately centred around the use of warning notices.
“If you receive a warning notice before May 2012 and a complaint is received after that date you will be at a significantly heightened risk of receiving a fine.”
