01622 689700 / 01474 887688

Website privacy rule change

A new EU directive has been imposed to force member states to make changes to their national legislation around how websites collect cookies.

Many websites only allow full access to features if cookies – a small text file placed on your computer which allows the website to identify the computer user for future visits – are enabled on a user’s web browser.

Currently, under the European E-Privacy Directive, you can opt out of allowing cookies if you wish. The website owner must:

  • provide clear and comprehensive information about the purpose of the cookies and any access made to information stored on your computer; and
  • allow you the opportunity to refuse to accept the cookie.

At present, it is sufficient for the website operator to include this information in the ‘privacy policy’ in its conditions of use, which, in practice, few website users bother to read.

However, the EU has decided to amend the Directive to impose an ‘opt-in’ system, whereby the user will be asked specifically to agree to accept cookies.  This is called obtaining the ‘informed consent’ of the user.

This system is opposed by website operators, since many users will decline to accept cookies and the operators will lose valuable marketing information. EU member states had until 25 May 2011 to implement this change into their national legislation.

However website owners can seek some comfort from the fact that general consent can be expressed in the user’s browser settings (i.e. by setting the Internet options to ‘accept cookies’) and an exception to the ‘opt-in’ is allowed where the placing of a cookie is necessary to make part of the site function for example in online payment systems.

If you are having a website built or redesigned, make sure that you comply with the new regulations.

For more information contact Philip Grylls, partner and head of the litigation team