Belfast Telegraph

Crunch time for 'cookies' in data harvesting law reform

By Maria Loan

Nowadays while surfing the net, we're all used to the pop-up messages on home pages about 'allowing cookies'.

This is due to a change in the law in 2011. The Privacy and Electronic Communications (Amendments) Regulations 2011 restricts information being placed on, or read from, a user's device. If you are setting cookies on your website you must tell people that the cookies are there, explain what the cookies are doing, and obtain their consent to store a cookie on their device.

Hence the now familiar 'allow cookies' button on most sites.

The Information Commissioner's Office (ICO) introduced a one-year grace period to allow organisations to implement a solution. But many have still failed to comply fully with the regulations and the ICO has indicated that it will begin to penalise those who have failed to comply, up to a maximum of £500,000.

The problem is that many organisations have overlooked that the regulations also apply to mobile phones and similar devices, and haven't applied their internet site compliance solution to their mobile website.

Mobile phones present particular challenges for compliance with the regulations. Personal data can be harvested via mobile phones any time the user uses the internet, mobile or web apps, or Bluetooth, with smartphones also providing geographical locations.

Limitations on mobile devices may make it harder to present a detailed privacy policy at the point where an opt-in is required. Therefore organisations need to consider carefully how to create the best format to achieve compliance.

Where cookies or other tracking technology are used to access information stored on a user's mobile handset, consent can be obtained through a page to which all visitors are directed, where they must accept the use of cookie before moving on to their requested page. Alternatively, users of mobile internet pages could be required to register before using the page.

The increasing use of apps also creates problems. Users downloading new apps can simply, at the point of download, be asked to accept the terms and conditions and give their explicit consent to cookies. But existing users of apps may need to consent to the use of cookies, if they have previously been offered the opportunity to refuse the use of such technology under the 2003 regulations.

It is essential that organisations take professional advice to ensure compliance with the regulations.

Belfast Telegraph