This weekend, the 12 month grace period for compliance with the new EU cookie rule comes to an end.
On the 26th May last year the UK implemented new EU rules (Directive 2009/136/EC) regarding the use of internet text-files called 'cookies' through the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011. Prior to implementation, the Information Commissioner's Office (“ICO”) published guidance on how businesses should implement the Regulations, and confirmed that it would give website owners 12 months to comply with the new law. As this 12 month period comes to an end the ICO has commented on its plans for enforcement.
In terms of enforcement the ICO has a range of options available including the ability to issue Information Notices, Enforcement Notices and can also request that businesses sign undertakings. Under the Regulations, the ICO also has the power to impose financial penalties of up to £500,000 for serious breaches.
The ICO has made various comments recently regarding their approach to enforcement. Their guidance on the matter confirms that "enforcement will be practical and proportionate" and that any formal action must be a "proportionate response to the issue it seeks to address". With regard to monetary penalties the guidance states that "monetary penalties will be reserved for the most serious of breaches."