Having been led on a ‘wild goose chase’ with poor guidance and a lack of communication, SMEs have now been left out of pocket, thanks to the Information Commissioner’s Office’s (ICO) handling of the ‘cookie law’ regulation.
With little guidance from the regulating body, smaller businesses have invested precious resources in trying to comply with the confusing ‘cookie law’ only for a last-minute u-turn by the ICO to render their efforts futile.
Issuing just two sets of guidelines throughout the year’s ‘preparation period’ the ICO has done little to guide the little guys leaving them to invest valuable time and money to ensure full, explicit consent of cookie-use on their sites. The last minute guidance from the ICO, issued just two days before the regulation deadline, now recognises implied consent as compliant, leaving the well-meaning SMEs out of pocket.
Neil Lathwood, technical director at Manchester hosting specialist UKFast reveals the impact that the last minute change has had on small companies: “It takes a significant amount of effort to put a system of full consent into place and it is far beyond the realms of most SMEs. Those who have invested the time and money to set up pop-ups or banners have now been told that ‘implied consent’ is compliant with the law, making their well-meaning efforts pointless and probably costly.”
Mark Steven, head of client services at digital agency CIVIC describes the huge impact that the zero-hour turnaround had on the digital agencies that have been responsible for helping their clients adhere to the law.
He says: “The last minute change in guidance from the ICO really threw the cat among the pigeons for us. There had been so little guidance beforehand that we were working towards the only safe option of full, explicit consent whereas now we are recommending that users implement an implied consent model on their sites, unless they depend heavily on particularly invasive cookies.”
The poor communication from those regulating the law has led to different interpretations by bosses in the UK with some choosing to invest in complete complicity and others completely ignoring it.
Steve Kuncewicz, head of legal at online fashion retailer BooHoo.com explains: “People do use the £500k fine as a stick but recent research from KPMG suggests that 80% of businesses are not compliant with even the new, slightly relaxed rules and are adopting a ‘wait and see’ attitude.
“It’s going to be some time before we get a clear idea of how enforcement will pan out but, in the meantime, going above and beyond to demonstrate informed consent is still the best idea.”
“There are steps that you could do in advance of a total website refresh,” advises Lucy Nixon, editor at Corporate Eye. “You could audit your website to see what cookies you are using and then work out which ones matter and need consenting to and which don’t. Then you can disclose to the site users and tell them ‘this is what we are doing with cookies and why’.”
Garry Byrne, MD of Manchester agency Reading Rooms agrees. He says: “I have seen so many people in the industry who are just saying ‘let’s see what happens’ as they think it is an unenforceable law and they cannot afford to do anything about it. Not all companies can do this overnight because they don’t have the money but, they are doing as much as they can do at the moment and I think the ICO would be happy with that.”