Doing nothing about new European rules on data protection is not an option, according to an audit firm.
Peter Gooch, privacy director at Deloitte, said: “In May 2011 Brussels introduced amendments to the 2003 EU e-Privacy Directive requiring websites to gain user consent for the use of tracking technologies, the most common of which are ‘cookies’. The guidance issued on the updated rules encourages companies to be more open about what these cookies are and how they might be used. In the UK, the Information Commissioner’s Office’s (ICO) gave companies a year-long grace period to implement these changes, which comes to an end on May 26.
“A number of grey areas remain, for example, a website might sell some of its space for marketing, which is auctioned in real time to advertisers, making it near-impossible to show users immediately which cookies are going to be used. The questions over where responsibility lies in this situation also require further clarification.”
“What is clear is that doing nothing is not an option. While the ICO has issued some guidance on recommended approaches, both the requirement for opt-in consent (for instance a pop-up requesting consent) and potential situations where implied consent (for instance where a user closes that pop-up without choosing ‘yes’ or ‘no’) may be suitable are still in debate. However, where companies are taking practical steps to identify and categorise the cookies they use and put in place plans for compliance, they may be less likely to be pursued by the regulator, at least in the near term. Where the ICO may take action is if they receive repeated complaints about a certain company, or if a company has been found to have a disregard for the law, for example through misleading individuals on the use of cookies.
“A number of organisations are developing their own solutions – some are using this as a way to demonstrate transparency with their customers in an attempt to gain a competitive advantage through building confidence and trust with consumers. Others may see taking a lead in this area as a more risky strategy, as a rushed or sub-standard solution may actually have the opposite effect. After 26 May it will be interesting to see whether different approaches start to converge, what further guidance is issued and how browsers will become part of the solution – or not.
“The law has been introduced to give consumers greater transparency and control over their own data, which is a good thing. The reality is that many consumers may not even know how cookies are used, so providing the information in a way that will not confuse or scare consumers is vital if this is to achieve its goal and not, as some extreme views have hinted, break the internet.”
