The European data protection authorities will be conducting a “cookie sweep” later this month, carrying out random spot checks on websites to assess for compliance with EU “cookie” laws. Businesses should therefore be checking their websites and cookie notices now to ensure they are compliant and fix any issues. Even if you are a non-EU (e.g. US) company it may catch you.
These are just some of the key questions businesses should be asking of themselves in light of this pending initiative in Europe, which could well trigger a subsequent wave of regulator enforcement action.
In an earlier Client Alert you will recall that enforcement powers have increased significantly in recent times. (For example, in the UK, fine levels for breaches in the data protection arena recently increased from £5,000 to potentially £500,000 for serious breaches.) So the enforcement regime has changed and should not be ignored. Also the “grace” period within which to ensure compliance regarding consents/ cookies/tracking is now over. Businesses are expected to have had enough time to understand the new rules and act to comply.
Being a US business or other non-EU business does not necessarily give you a “pass” on these EU requirements either. If you operate a website accessible in the EU, do business in the EU and/or supply goods or services to the EU, you should use these coming days to implement adequate cookie compliance solutions and to ensure you are on top of these issues.