Long Way to Go for UK Institutions to Comply with EU Cookie Law

Michelle Remo, “Big 4” observer
April 10, 2012

With less than 50 days to go until a major new EU law comes into force governing website cookies, a KPMG analysis of 55 major UK organisations across UK private and public sectors found that 95% were not in compliance with the cookie-related requirements of the EU Directive on Privacy and Electronic Communications and are therefore risking fines of up to £500,000.

The directive becomes enforceable UK law from 26 May 2012. From then on, websites need to obtain users’ opt-in consent first if they install cookies that pass on information about browsing activities to third parties. Non-compliant websites may be subject to a fine.

Yet the analysis showed a surprising lack of compliance, with only one site asking specifically for opt-in, which is the key requirement of the directive. Surprisingly, two sites did not use any cookies at all.

Stephen Bonner, a Partner in the Information Protection and Business Resilience business team at KPMG, said: “With less than 50 days to go before enforcement, our analysis has found that the majority of UK organisations still need to complete substantial work to their websites. Time is running out for them so they need to act to avoid severe financial penalties. Whilst the majority of the websites we analysed made a reference to the use of cookies under either the terms and conditions or specific privacy policies, and some also state how the cookies are being used, this is not enough to ensure compliance with the directive. Organisations now need to focus their efforts on establishing an inventory of their web sites and the cookies currently in use, before evaluating their purpose and establishing a pragmatic plan to ensure compliance.”

The analysis was conducted at the end of March 2012 and focused on evaluating cookies set when entering the sites. KPMG also reviewed current terms and conditions and/or privacy policies accessible from the front page. This review revealed that, in addition to the one site already asking specifically for opt-in, only two sites mentioned that they are currently being updated to become compliant before the deadline.

 
