Long Way to Go for UK Institutions to Comply with EU Cookie Law
With less than 50 days to go until a major new EU law comes into force governing website cookies, a KPMG analysis of 55 major UK organisations across UK private and public sectors found that 95% were not in compliance with the cookie-related requirements of the EU Directive on Privacy and Electronic Communications and are therefore risking fines of up to £500,000.
The directive becomes enforceable UK law from 26 May 2012. From then on, websites need to obtain users’ opt-in consent first if they install cookies that pass on information about browsing activities to third parties. Non-compliant websites may be subject to a fine.
Yet the analysis showed a surprising lack of compliance with only one asking specifically for opt-in which is the key requirement of the directive. Surprisingly, two sites did not use any cookies at all.
The analysis was conducted at the end of March 2012 and focused on evaluating cookies set when entering the sites. KPMG also reviewed current terms and conditions and/or privacy policies accessible from the front page. This review revealed that, in addition to the one site already asking specifically for opt-in; only two sites mentioned that they are currently being updated to become compliant before the deadline.