New Privacy Regulations for Electronic Communications
26 May 2011
The key change introduced by the Regulations is that you can no longer rely on giving a person the right to "opt-out" of cookie usage and that a more consensual approach is required. This is still the subject of much discussion between industry stakeholders, Government and the ICO - see, for instance, an open letter from Ed Vaizey, Government Minister for Communications, published as part of the debate on UK implementation. The ICO has provided some guidance on how the requirement for consent might be implemented and on how the Commissioner is proposing exercising his enforcement powers under the new Regulations, including the ability to fine organisations up to £500,000 for serious breaches.
It is worth noting that the ICO has stated that there will be a transitional period of twelve months during which organisations will be required to consider how they might implement any required changes (noting the suggested routes in the above guidance). During this period there is likely to be more discussion and industry lobbying as to how the change may affect the 'user experience' and discussion over which of the options proposed by the ICO is likely to be the preferred route to compliance, or indeed whether developments in browser configuration/technology in the next year may in themselves present a more effective/cost effective and user friendly route to compliance.
If you would like further advice in respect of the new Regulations, or to discuss data protection compliance generally, please contact Andrew Dunlop (0117) 902 2786 or Martin Cuell (0117) 9026673.