ICO urges businesses to start preparing now for cookie law

The Information Commissioner's Office (ICO) has urged businesses to begin working towards compliance with the so-called 'cookie law' before enforcement begins in May 2012.

The law came into force on 26 May this year and requires companies to gain the explicit consent of web site visitors to install and run cookies that may gather information on browsing habits, but the ICO has said that it will not take any legal action for one year.

However, David Evans, ICO group manager for business and industry, said at an event hosted by law firm Field Fisher Waterhouse on Tuesday that, with only six months to go until the law is enforced, companies cannot ignore it any longer.

"The [cookie law] is a chance to be open with users and let them make informed choices, and we are seeing some really good practice from people out there, but if you're not on that journey you need to start getting there now," he said.

"If you say we are doing nothing, we can point to a lot of others and say why aren't you doing that?"

Evans added that owners of sites that use cookies must also ensure that visitors can easily access information on privacy policies.

Evans said that the ICO will release updated guidance on how businesses can achieve this in the coming days, and that one key aspect is how to make privacy policies more visible.

"If you're worried people might not see your privacy policy, maybe the first step should be to consider where the link is on the page. If it's at the bottom maybe it should be made more prominent," he said.

"We'll get criticised for this, saying it's too simplistic or that marketing teams won't like it [by ruining the aesthetics of site], but the law is about making information attractive to users to help inform users."

Meanwhile, Philip Milton, from the Department for Culture, Media and Sport, added that as far as the government is concerned there is no "magic bullet" to adhering to the cookie law, but that it's about taking advantage of several potential processes.

"There's no one way to get consent to be compliant with the legislation. It's about an ecology of solutions that can be used to form a package of compliance," he said.

"Browsers can offer a way for users to give consent, while web publishers that are responsible for the cookies they place on users' machines should provide increased information about the cookies they are providing."

The ICO is one of the few sites to have embraced the cookie law, and has been requesting users' consent since the law came into force.