Amendments to the UK's Privacy and Electronic Communications Regulations (PECR) came into force back in May - aligning UK law with changes to the EU Privacy and Electronic Communications Directive.
The changes require companies to gain consent before collecting user data or storing tracking programs such as cookies on users' computers. However, at the time, the Information Commissioner Christopher Graham said he would give UK businesses a year's grace to comply with the new law.
But speaking at a Westminster eForum on digital marketing in London last week, Graham voiced concerns the industry is sleepwalking towards non-compliance - warning delegates that almost half the grace period has now elapsed and not enough is being done by websites and advertisers to prepare.
"For organisations that are in the UK, it's necessary to carry out an audit of the cookies that are being used on their website, ditch the cookies that are useless, work out what information is being collected and document that audit so that there is an insurance policy for those organisations should they be found wanting in an investigation by the ICO..."
Graham said the ICO will be updating the guidance that it has published so far to include examples of good practice. It will also be giving more details about where it expects the regulatory focus to be, come the end of May 2012 when the grace period elapses.
Further Reading:
Cookie consent: It's not optional - it's the law, warns ICO
ICO pushes for compulsory data audits
ICO needs compulsory audit powers, says Information Commissioner
No comments:
Post a Comment