This article was originally written for and featured in Childrenswear Buyer Online.
Why do these issues matter?
- committing a business to a particular course of action in order to improve its compliance with the Regulations;
- compelling a business to take action to bring about compliance with the Regulations; and
- although unlikely, fining a business up to £500,000.
But the non-legal consequences of not complying with the Regulations should be of equal concern to businesses.
The Regulations require that users are told about the cookies placed on a website and given the choice as to which of their online activities are monitored in this way. A cookie may only be used if users have given their consent, having been provided with clear and comprehensive information about the purpose of that cookie. Consent must involve some form of communication where the user knowingly indicates their acceptance – obtaining consent that relies on a user’s ignorance about what they are agreeing to is unlikely to comply with the Regulations.
Between April and June 2014, the ICO received 38 reported concerns about cookies. The ICO has stated that it is taking a practical and proportionate approach in enforcing the Regulations where organisations are making the effort to comply. However, its current focus is on ensuring compliance with the Regulations by websites that are doing nothing to raise awareness of cookies, or to obtain the user’s consent to the use of various cookies. The ICO will look unfavourably on a business with a casual approach to data protection and the privacy of its customers, particularly at a time of heightened interest following, for example, the trial of Rebekah Brooks and Andy Coulson.
What do you need to do to comply?
As a first step, if you have an online presence you should undertake a “cookie audit” to assess the cookies used on your website, and the purposes of each cookie. Once identified, you will be able.