Privacy and Electronic Communications Regulations 2011

On the 26th May new EC regulations came into force which relate to the placing of cookies on the computers of website visitors.

Cookies are small data files that provide information to the person placing them. In most cases, including sites built by I-COM, they are used solely to enhance a visitor's experience. For example they might be used to recognise that the visitor is a registered user, or they might provide analytical data on site usage that helps with usability improvements.

However, some cookies are deployed with nefarious intent and can be used to capture data that should be private.

The new regulations are designed to limit the use of this type of cookie. The main requirement of the regulation is that users should be informed of any cookies that might be employed and that the user's express permission is gained before anything is actually put onto their computers.

The big issue is that all currently available solutions for gaining express approval are likely to have a very negative effect on user experience and usability.

The Information Commissioners Office (ICO), the organisation in the UK responsible for overseeing the regulation, has recognised this issue and advised that it does not expect immediate compliance. It would, however, like to see that website owners are developing plans that will deliver a compliant solution in time.

Recommendation to I-COM’s Clients

I-COM is endeavouring to develop a strategy that will help its clients fully meet the requirements of the new regulations without negatively impacting user experience and site usability.

However, until that strategy is finalised we would advise our clients to take the following steps:

1. Undertake an audit of cookies deployed by your site; our support team will be happy to provide an audit service upon request.
2. Revise your site privacy policy to recognise the use of cookies and your intention to comply with the regulations where possible. An example of a possible wording can be found on the I-COM.net Privacy Page, however, it is always sensible to have your privacy policy and terms and conditions for use of the website reviewed by a solicitor. If you have revisions you would like to implement our support team would be happy to amend your privacy page upon request.

In the event that a site’s non-compliance with the regulation is challenged by ICO before a user-friendly solution has been implemented, we recommend that site owners should contact us immediately. We will then be able to implement a temporary, compliant solution, until a more user-friendly solution is available.