This weekend saw the United Kingdom’s so-called “cookie law” come into effect, making it illegal for websites based in the UK to track visitors without their informed consent despite the an estimate from government officials that the majority of websites were not prepared in time to operate properly under the new laws. Welcome to the new Lawbreaking Internet.
Despite the deadline for the British version of the European Union’s e-privacy directive having been known for a year, the BBC reports that a spokeman for the British Information Commmissioners Office expected that “the vast majority of websites” wouldn’t be ready in time for the law being enforced on Sunday. As a result, the ICO said that it wouldn’t be taking immediate action over non-compliance: “Up until now, if we received a complaint about your website we would point you in the direction of our guidance,” said group manager Dave Evans, adding that “Given that everyone has had a year, we’re going to shift from that kind of approach to one which will be very much more focused on those people who don’t appear to have done anything and asking them ‘why not?'”
In future, the ICO will be able to fine non-compliant sites up to £500,000 (Around $781,750 at current exchange rates).
That said, it’s not just British websites that weren’t ready for the new law to go into effect. A survey carried out by Ipsos MORI found that only 24 percent of online users between the ages of 16-24 knew that there would be any do-not-track law in place anytime soon, with 16 percent not even aware of what an Internet cookie actually was. The ICO has come under attack for not doing enough to publicize the law or offer guidance about what was expected once the law was in place, a charge that Evans refutes: “What we want to do is look at where our resources can best be put,” he said. “Regulators have got resources that are not infinite. The best solutions are where industry sits down and develops it themselves. The more they can do, the easier it is for us to regulate.”
The problem is that companies aren’t able to self-regulate without more information about how they should be doing so. “Some of the implementations [so far] are very poor,” complains Tim Gurney, managing director of compliance company Wold Software. “For me, they’re making a mistake because users will stop using their sites.”