ICO "not ready" to probe cookie complaints

13 Aug 2012
website

PC Pro Exclusive: Information Commissioner not yet ready to investigate cookie complaints, more than a year after new laws came into force

The Information Commissioner's Office has yet to investigate a single website over the new cookie consent rules, because its investigative team isn't ready to start work - more than a year after the new laws came into force.

The regulations - requiring websites to alert users before dropping cookies onto their computers - came into force in May 2011 via an EU directive, but the ICO gave websites a year's grace period to update their sites, which ended 26 May.

Since then, 320 sites have been reported via the ICO's online submission tool, but not a single site has been investigated, according to an ICO response to a PC Pro Freedom of Information request.

"At present the information has not yet been analysed as the team which will have responsibility for this is not in place yet," the ICO said in its response. "It is intended that once the data has been analysed any organisations not in compliance will be identified, then further action will be considered as appropriate."

The team is not expected to start work until the end of this month, but employees have now been hired, an ICO spokesman said. The team will cover cookie consent, as well as other areas of the new Privacy and Electronic Communication Regulations, including electronic marketing and spam texts.

The ICO added that sites reported via the online tool may not necessarily be investigated, saying they "are not being taking forward as individual complaints", adding that "the purpose of this feedback form is to help us to monitor organisations’ adherence to the rule relating to cookies, and identify sectors where further advice or enforcement activity may be required".

The watchdog has previously said it's unlikely to fine sites for not complying, but will instead force them to start following the rules.

The ICO initially said sites would need to get "explicit consent" before dropping cookies, but a day before it was set to start enforcing the rules the privacy watchdog said "implicit consent" would be enough - meaning sites can simply tell users that cookies will be used.

Read more

News