ICO Warns On New EU Cookie Rules

The data regulator has highlighted the looming deadline set to shake up Internet tracking

Businesses and other organisations running websites in the UK must ‘wake up’ to the fact that European Union (EU) legislation, which will require them to get consent in order to store or access information on consumers’ computers, is coming into force soon.

That is according to a speech by Information Commissioner Christopher Graham at an annual Data Protection Officer conference hosted by the Information Commissioner’s Office (ICO) in Manchester today.

The new law, which will come into force on 25 May 2011, is an amendment to the EU’s Privacy and Electronic Communications Directive designed to keep pace with the constant evolution of online fraud.

Finding new tracking techniques

Image source: Jaakobu, Wikimedia

But some have contested it is about to drive ‘cookie’ web tracking technology out of existence.

Graham, said: “The Directive will come into force in less than two months time and businesses and organisations running websites in the UK must wake up to the fact that this is happening.”

He said the ICO was proactively working with the government, businesses and the public sector to find a workable solution, recognising that the Internet today depends on the widespread use of cookies and legitimate business reasons for using them.

“So we are clear that these changes must not have a detrimental impact on consumers nor cause an unnecessary burden on UK businesses. One option being considered is to allow consent to the use of cookies to be given via browser settings,” he added.

“Once the new regulations are published there will be a major job of education and guidance to be undertaken. In the meantime, both the business community and public sector organisations need to start thinking clearly about how they will meet the requirements of the new Directive.”

The Department for Culture, Media and Sport is leading on implementing the new measures in the UK while the ICO will be responsible for regulation.

Could damage fraud strategies

The cookie has been the main information carrier for most many e-commerce and social networking operators to find their customers based on shopping tastes and behaviour, David Britton, vice president of industry solutions at fraud prevention technology vendor 41st Parameter told eWEEK Europe UK. Although browsers like Google’s Chrome have begun to buck the trend.

“It’s very easy for customers to disable cookies or allow browsers to automatically delete cookies after each session,” he said. “But for those cases where businesses use cookies to identify return customers or potential fraud, this could be a major dent in their online loyalty and fraud strategies.”

41st recently secured a patent for Time Differential Linking (TDL), a feature that helps retailers and financial institutions fight online fraud by providing more accurate device recognition without using cookies.