UK data regulator issues cookie warning; Google faces compliance challenge

The UK data protection agency is preparing its vat of dough for an online cookie fight, giving companies and businesses six months to prepare for a change in the law.
Written by Zack Whittaker, Contributor on

The UK data protection authority is warning that many UK websites are not complying with new laws governing cookie use.

The new law details how cookies are used on UK and European websites.

But UK companies were given a 12-month grace period by the Information Commissioner's Office (ICO) for companies and businesses, government departments and universities to become compliant.

The U.S. Federal Trade Commission is reportedly seeking a similar change to the law, to give greater control to users' own online privacy settings.

The half way mark was noted this week by stern words from the regulator to website owners: "You must try harder," a clear message that many are heading for a 'F' on their online report cards next year.

The tasty information-storing morsels must be disclosed, and explicit consent must be sought before the website can install cookies on a user's computer or mobile device.

The ICO set the gold standard by complying almost immediately. Clearly at the top of each page the first time a user visits, the ICO asks for consent to use tracking cookies.

(Source: ICO)

But Google, even with its vast resources, capabilities and technologies is struggling to seek compliance. Many of its services require the use of cookies.

Google Analytics, the website-tracking service that enables website owners to determine visitor counts and returning users, installs cookies on tens of millions of websites to provide accurate feedback to businesses running online operations. It's one of many services that Google needs a mass index of cookies to make the products work.

But the search giant said its compliance is "in progress", but taking longer than anticipated. "It's taking a little bit of time", Anthony House, public policy manager at Google, said last week.

One of many problems with the legislation is that though the ICO has to enforce the law once it comes into force in May 2012, the ICO said that it would only intervene should a complaint be made, rather than seeking out trouble to cause of its own volition.

Instead, the UK data protection agency wants to open dialogue with cookie-using businesses and companies to determine how they can move forward.

The Information Commissioner Christopher Graham penned a blog post, giving a school teacher's response, and telling the industry that the industry "could do better".

Granted, the ICO is standing firm on the law. In an absence of commas, probably due to government spending and budgetary cuts, Graham said:

"But if you have decided that this is all too difficult, that you don’t want to give your users choices about how your web pages might collect information about them or that you will get around the law by wilfully misleading people about what you do and how you do it then be assured that if we get complaints or have concerns then we will be checking your site and we will take the necessary steps to ensure that you do work towards compliance."

Websites and businesses alike have six months to comply with the new law.

The UK's largest website, the BBC, still contains no warning that cookies would be collected. That said, neither did half of the government websites when I checked this morning.


Editorial standards