Three-quarters of the top 75 websites in the UK have yet to implement the new EU cookie law despite being sent a warning letter from the Information Commissioner’s Office (ICO).
The legislation – part of the revised e-Privacy Regulations – came into force nearly four weeks ago, after a 12-months’ grace. The move triggered a letter from the ICO to 75 of the UK’s most popular sites –asking for proof within 28 days that they are moving towards compliance with the new law.
The ICO letter read: “Our expectation is that you will now be able to demonstrate the action your organisation has taken to comply with the revised rules for cookies.
An ICO spokesman has confirmed that not all of the companies had responded to the request, although he would not reveal exactly how many had failed to stick to the four-week response time.
He added: “We are now receiving replies and will look at the information they have provided to understand how organisations have worked to comply with the changes. A number for organisations have also issued holding responses with a view to providing more detailed feedback shortly.”
Most firms which have changed their sites have included a pop-up tick-box screen which uses wording along the lines of: “We would like to place cookies on your computer to help us make this website better. To find out more about the cookies, see our privacy notice. Tick here to accept.”
But a study of the websites of the 75 companies on the ICO’s list showed at least 56 that were yet to implement changes to comply with the directive.
Many of the companies on the list, which includes Amazon, Apple, the BBC, eBay, Facebook, Google, HSBC, John Lewis, Lloyds TSB, Microsoft, Sainsbury’s, Virgin Media and Yahoo, are heavy users of cookies.
Many are possibly relying on so-called “implied consent” although the ICO guidance warns: “You need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent.”
The regulator also notes that firms “should not rely on the fact that users might have read a privacy policy that is perhaps hard to find or difficult to understand”.
Related stories
Top UK sites get cookie ultimatum
Cookie consent ‘still baffles firms’
Govt sites to miss cookie deadline
90% of consumers back cookie law
DMA: Use cookie law to build trust