New Privacy Regulations for Electronic Communications

26 May 2011

The much-discussed Regulations came into force today (26 May 2011), implementing a 2009 EC Directive. They potentially affect all organisations that use cookies on their websites, whether the cookies are used simply for marketing or for e-commerce purposes. "Cookies" are usually small text files that are created when a user visits a website and are stored on the user's computer or mobile device, in the browser directory or program data subfolders. They are generally used to keep track of the user's movements within the site, help them resume where they left off, remember their login and preferences, and so on.

The key change introduced by the Regulations is that you can no longer rely on giving a person the right to "opt out" of cookie usage; a more consensual approach is required. This is still the subject of much discussion between industry stakeholders, Government and the ICO - see, for instance, an open letter from Ed Vaizey, Government Minister for Communications, published as part of the debate on UK implementation. The ICO has provided some guidance on how the requirement for consent might be implemented and on how the Commissioner proposes to exercise his enforcement powers under the new Regulations, including the ability to fine organisations up to £500,000 for serious breaches.

It is worth noting that the ICO has stated that there will be a transitional period of twelve months during which organisations will be required to consider how they might implement any required changes (noting the suggested routes in the above guidance). During this period there is likely to be more discussion and industry lobbying over how the change may affect the 'user experience' and over which of the options proposed by the ICO is likely to be the preferred route to compliance. There is also likely to be discussion of whether developments in browser configuration or technology in the next year may in themselves present a more effective, cost-effective and user-friendly route to compliance.

If you would like further advice in respect of the new Regulations, or to discuss data protection compliance generally, please contact Andrew Dunlop on (0117) 902 2786 or Martin Cuell on (0117) 9026673.
