The new cookie laws – what does this mean for retailers?

Friday 2nd September 2011

New regulations which came into force in May 2011 now enable consumers the opportunity to control the use of their private information on-line.

Often referred to as the new cookie laws, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 will impact upon most websites in the UK, especially those operated by retailers and used for advertising purposes. The new cookie laws could also make it difficult for website owners to monitor online footfall and user trends.

Organisations have to act now to ensure that by May 2012 their websites comply with the Regulations. If they do not, they face the risk of being fined up to £500,000 for non-compliance.

Retailers and advertisers do not have long to get their house in order, especially when taking in to account the time lost through the Christmas trading period.

What is a cookie?

A cookie is a minute electronic text file created by a website owner or advertiser. When a user visits the website, the site owner automatically places the cookie on the visitor’s computer. Numerous cookies are commonly placed on the visitor’s computer during each visit. These cookies then collect information about the visitor which is used by website owners and third parties. This information often includes the visitors name, addresses, usernames and passwords.

Use of cookies allows website owners and advertisers to track a particular user’s activities online. They can record what type of sites a user is visiting and reflect this in the services and goods they place in front of the user when online.

Cookies are also used by online advertising companies, who commonly purchase the information obtained via cookies from retailers and other website owners. It allows advertisers to tailor advertising space on third party websites to the particular user.

Cookies are valuable to retailers and advertisers. They also serve a purpose for users. A tailored website allows the user to navigate the web quickly and identify relevant and suitable goods and services. Cookies also enhance functionality and assist in providing the user with a smooth and user friendly experience.

Users can block cookies through their browser settings. A standard consumer will rarely do this. They would only be prompted to block cookies when they first set up their computer. At this early stage, blocking cookies is not a priority. After that, to change the settings they would have to firstly find out how to do it and then go through the process.

The new cookie laws

The Regulations aim to change the law on Cookies to ‘informed consent’ which will allow consumers the opportunity to control the use of their private information.

The Regulations state that cookies can only be used if the user has been provided with clear and comprehensive information about the purposes for which the cookie is being used, and, has given his or her consent. The only relevant exception is if the use of the cookie is strictly necessary.

There is currently a lack of consensus between various working parties, the Information Commissioners Office (ICO) and the Department for Culture, Media and Sport over what is meant by ‘consent’. Some argue that this means that the user will have to be prompted to give consent on visiting the website. Others suggest that simply tweaking the website’s terms and conditions will work. The ICO, whose job it is to enforce the regulations, have provided some guidance.

Given the lack of consensus and to enable compliance, the ICO has stated that it will allow businesses and organisations until May 2012 to set up new systems to ensure their websites comply with the Regulations. The ICO has stated it will only take action before then if businesses and organisations fail to implement plans now to ensure compliance after May 2012.

Why all the fuss?

Given the lack of consumer understanding, retailers should be concerned about potential customers simply closing down their browser if they are prompted to give consent.

The ICO has tried to take the lead by requesting that the visitor gives permission (http://www.ico.gov.uk). It has been widely reported that immediately following the ICO prompting visitors to give consent, recorded visitor numbers fell by 90%. This may be because visitors are not giving consent and therefore the website is unable to record the visitor or alternatively they are closing the page when consent is requested. Either way, should this trend continue in the private sector it would pose a real problem for retailers and advertisers.

Businesses and organisations also need to take in to account the financial penalties that could be imposed by the ICO, with the maximum penalty being £500,000.

Retailers and advertisers therefore need to tread carefully, balancing the need for compliance against the overall business strategy. The coming months should be used wisely, with advice being sought on the most suitable options.

If you wish to discuss the points raised in this article, or any issues around cookies, please contact Alistair Maiden, commercial specialist on 0113 227 0309 or email: alistair.maiden@gordonsllp.com or Graeme Davy, litigation specialist on 01274 703 918 or email: graeme.davy@gordonsllp.com