Crunch time for 'cookies' in data harvesting law reform
Nowadays while surfing the net, we're all used to the pop-up messages on home pages about 'allowing cookies'.
This is due to a change in the law in 2011. The Privacy and Electronic Communications (Amendments) Regulations 2011 restricts information being placed on, or read from, a user's device. If you are setting cookies on your website you must tell people that the cookies are there, explain what the cookies are doing, and obtain their consent to store a cookie on their device.
Hence the now familiar 'allow cookies' button on most sites.
The Information Commissioner's Office (ICO) introduced a one-year grace period to allow organisations to implement a solution. But many have still failed to comply fully with the regulations and the ICO has indicated that it will begin to penalise those who have failed to comply, up to a maximum of £500,000.
The problem is that many organisations have overlooked that the regulations also apply to mobile phones and similar devices, and haven't applied their internet site compliance solution to their mobile website.
Mobile phones present particular challenges for compliance with the regulations. Personal data can be harvested via mobile phones any time the user uses the internet, mobile or web apps, or Bluetooth, with smartphones also providing geographical locations.
Where cookies or other tracking technology are used to access information stored on a user's mobile handset, consent can be obtained through a page to which all visitors are directed, where they must accept the use of cookie before moving on to their requested page. Alternatively, users of mobile internet pages could be required to register before using the page.
It is essential that organisations take professional advice to ensure compliance with the regulations.