Anyone for Cookies?

The Information Commissioner’s Office (ICO) last week issued guidance on new regulations that will affect thousands of UK business owners following the the publication of the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.

The new regulations, which came into force on 25th May 2011 and which apply to all EU websites, require website owners to get “explicit consent” from users before cookies are stored on their computers. In effect this makes thousands of websites illegal under European law.

Although consent will not be required when a cookie is strictly necessary to deliver a service which has been explicitly requested by the user, the ICO has confirmed that this will be a narrow exception which applies to a small range of activities, such as the use of cookies in online shopping baskets.

The ICO has said it will not begin enforcing the new rules for another 12 months. Businesses should, however, take immediate steps to:

  1. Investigate which cookies they are already using;
  2. Consider how intrusive these cookies are;
  3. Consider how they will obtain consent.

The ICO will be issuing separate guidance on how it intends to enforce the new regulations.

For further advice please contact us at