UK data protection authorities will start to enforce a year-old cookie law from this weekend.
UK organisations must be able to show they are making efforts to get consent for placing tracking programs called 'cookies' on web visitors' computers and devices from Saturday. The Information Commissioner's Office (ICO) will begin to enforce complaints about cookie use from 26 May.
Amazon, BBC News, Everything Everywhere, and Microsoft were among the organisations that were contacted. The list of organisations was published in 'related items' at the bottom of a blog post on Friday by Dave Evans, ICO group manager for business and industry.
"We expect organisations to be on the path to compliance — which means that UK websites must provide visitors with sufficient information to make a decision on whether they are happy for a cookie to be placed on their device and obtain consent before placing a cookie," Evans said.
The ICO has given organisations a year's grace to comply with the Privacy and Electronic Communications Regulations (PECR), which updated the UK stance on cookies. The letter gave organisations 28 days to inform the ICO of efforts made to comply.
"If your organisation has not yet achieved compliance, please provide an explanation about why it has not been possible to comply within time, a clear timescale for when compliance will be achieved, and details of specifically what work is being done to make that happen," ICO PECR enforcement manager Dave Clancy said in the letter.
The letter said that non-compliant organisations faced enforcement notices and the possibility of fines of up to £500,000. However, both information commissioner Christopher Graham and deputy information commissioner David Smith have said that fines were very unlikely.