The Information Commissioner’s Office will write to 50 top UK websites this week to find out what actions have been taken towards compliance with the new EU e-Privacy Directive.
During a press briefing last week the deputy commissioner and director of data protection David Smith declined to reveal which businesses were included on the list, but confirmed that site traffic was one of the criteria.
The websites in question will have 28 days to respond to the ICO’s letter.
While this may cause an administrative headache for the businesses involved, it will come as good news to many that the ICO does not plan to levy fines for breaches of the EU cookie law.
The deadline for the e-Privacy Directive is fast approaching. While the subject has generated significant attention across Europe, the word 'cookie' continues to dominate the headlines.
In fact, the part of the Directive that applies to cookies is written more broadly and requires consent for non-essential tracking, regardless of whether a cookie is involved.
In this article, I'll review the facts behind the 'cookie law' and lift the lid on what consent really means for UK businesses.
89% of UK consumers think that the EU cookie law is a positive step, though 75% had not heard of the e-Privacy Directive before they were surveyed.
Funnily enough, a similar proportion of marketers (82%) in a recent Econsultancy/Toluna survey think the opposite and view the cookie law as a real threat to the web.
The stats come from a survey of 2,000 consumers carried out by eDigitalResearch and IMRG last month.
According to the IMRG's Andy Mulcahy, the directive provides "an opportunity for retailers to increase trust and loyalty through a clear, unobtrusive and customer-friendly cookie notification process".
I'm not so sure about that...
The EU e-Privacy Directive and subsequent ICO guidance is complicated and confusing enough when you look at desktop sites alone, but then there's the question of how it translates to mobile.
To recap: the 'cookie law' covers the use by businesses of information stored on users' 'terminal equipment' and this covers mobile sites and apps as well as desktop sites.
In a new white paper, Mark Brill from the DMA has bravely attempted to untangle some of the issues around mobile and the cookie law.
I've looked at some of the recommendations from the report, and the threat that the e-Privacy Directive poses to mobile marketing and m-commerce...
The EU 'cookie law' is clearly a threat to online business in the UK, whether through higher bounce rates caused by intrusive cookie opt-ins, or loss of income if customers opt out of third party cookies used for remarketing and ad targeting.
Some have estimated that it will cost the UK economy £10bn in a worst case scenario, but this is just guesswork at the moment.
I asked some of the expert contributors to our EU Cookie Law: A guide to compliance report how the EU E-privacy directive will affect their business, and if it's possible to comply without affecting usability.
With the EU e-Privacy Directive's compliance 'deadline' just a month away, many businesses are wondering not only what they should do about it, but also how the law will be enforced by the ICO.
While working on our EU cookie law guide, I spoke to Dave Evans, Group Manager for Business & Industry at the Information Commissioner's Office (ICO).
I asked how actively the law would be enforced, the likely penalties for non-compliance, and whether implied consent solutions would be acceptable.
While around a third of retailers will use pop-ups to request consent for cookies, the vast majority will not make cookie consent compulsory.
These stats come from a survey of 100 retailers with revenues of £3m p.a. or more, conducted on behalf of Eccomplished.
The figures suggest there is much confusion amongst retailers over how to comply with the e-Privacy Directive, also shown in our previous survey of internet marketers.
The EU E-privacy Directive will be enforced from the end of next month, and businesses have some big decisions to make about how they will comply.
Will businesses attempt to fully comply by using an opt-in consent box for users, will they attempt to do just enough to escape the attentions of the ICO, or simply do nothing?
I asked some of the expert contributors to our EU Cookie Law: A guide to compliance report how they intend to comply with the cookie law.
UK websites drop an average of 14 cookies per page meaning users encounter anywhere from 112 to 140 trackers during an average session on a website, according to data from TRUSTe.
More than two-thirds of these trackers (68%) belong to third-party companies, making it difficult for websites to comply with the EU E-privacy Directive.
The survey, which looked at 50 top UK websites, found that 96% of sites had available privacy policies but 80% of those did not disclose how long the company retained user data.
Websites applying opt-in consent mechanisms to comply with the EU E-privacy directive will have a hard time convincing users to accept cookies, as just 23% of respondents said they would be happy to say yes to cookies.
One major issue with this directive is public awareness of what cookies are and what they do. Suddenly, web users will be seeing messages about cookies all over the place, accompanied with references to tracking, privacy etc.
There is a need for education about cookies and online privacy in general, but that very process may be a turn off for many users.
To gauge possible public reaction to the implementation of cookie compliance measures, we conducted an online survey, using the Toluna Quick survey tool.
The survey accompanies the launch of our new report, The EU Cookie Law: A guide to compliance, which looks at how businesses can adapt to the directive.
The results suggest that businesses have a lot of persuading to do in order to convey the benefits of the cookies they use on their websites, and to persuade users to opt-in, or at least not to opt-out.