From today the UK's Information Commissioner's Office will begin enforcing the EU's revised ePrivacy Directive that requires website owners to be upfront with their users about the information they collect.
The so-called cookie law was implemented on 25 May 2011 by Brussels officials, but getting the legislation transposed locally within the 27 member-states of the European Union has proved to be tricky, perplexing, disruptive, confusing and a bit of a mess, really.
Here in Blighty, the government made the decision to effectively free up web owners from the burden of complying to the directive by deferring policing of the law for one year. The law requires sites within the EU to obtain a visitor's consent before they install a cookie in their browser.
Time has now run out and from today the Information Commissioners Office will be enforcing the law and fining those web operators that are found to have violated the rules. A penalty of up to £500,000 could be imposed against those that fail to comply.
But the data protection watchdog has signalled it would take a gentle approach to enforcement and pointed out that very few companies would be slapped with a hefty fine for non-compliance.
The ICO's Dave Evans said yesterday:
We’ve been saying that we expect organisations to be on the path to compliance – which means that UK websites must provide visitors with sufficient information to make a decision on whether they are happy for a cookie to be placed on their device and obtain consent before placing a cookie.
The regulator has an updated version of its guidance for compliance here. It's probably worth reading between bites of ketchup-smeared cow. ®