The lead in period for compliance expired in May 2012 but 4 years on and many websites are still not cookie compliant.
The ICO is currently free to consider using its enforcement powers to compel compliance, and the maximum fine for the most serious cases of non-compliance is £50,000.
Current Rules on Cookies
- Has been provided with clear and comprehensive information about the purposes for which the cookie is stored and accessed.
- Has given consent.
What Websites Should Have Done by Now
As a minimum, website owners should now be able to show that they have taken steps towards compliance, including: -
- Carrying out a cookie audit to check what type of cookies they are using and how they are using them.
- Assessing how intrusive those cookies are to the user’s privacy.
- Deciding how best to obtain consent.
The more that cookies intrude into a user’s privacy, the important (and urgent) it is to be addressing this issue, and the more important to be prominently providing information about those cookies and obtaining meaningful consent.