Amy Hylton, a lawyer in Higgs & Sons’ commercial department, says that UK businesses have until this date to implement changes in the E-Privacy Directive affecting cookies.
Amy explains: “Cookies are data files which gather information about a website user or tell the website whether they are a repeat visitor. The use of these cookies is governed by the E-Privacy Directive for the processing of personal data and collection of information.
“Historically, the requirements relating to cookies were that the use of them was permitted so long as the user had the opportunity to refuse them – for example to ‘op-out’. Moving forwards, the system now permits cookies if the user has given his consent to the use of them. This is now an ‘opt-in’ system.”
Practically, the UK government has rejected an ‘opt-in’ system which would mean website users would have to consent to each and every cookie. The government has also specified that it plans to permit websites to take advantage of Regulation 66 of the Citizens’ Rights Directive. This provision allows a user’s consent to cookies to be expressed by its browser settings.
“For many businesses, the changes will be easily implemented by small amendments to the wording and positioning of privacy policies on a website. However, a review of your policy is worthwhile, whatever size your business is, to avoid potential enforcement action from the Information Commissioner’s Office.”