Security Bytes

Apr 19 2012   1:04PM GMT

Experts differ on European ‘cookie law’ advice



Posted by: Jane Wright

Many IT managers in the U.K. are in a quandary right now as they decide how, and how far, to comply with the impending European “cookie law.” IT managers in the U.S. will soon face the same dilemma.

Beginning May 26, the U.K. Information Commissioner’s Office (ICO) will enforce the Privacy and Electronic Communications Regulations (PECR), requiring website operators to explicitly ask permission from visitors before placing a cookie in a visitor’s browser. As you can imagine, many organizations are unhappy about this. They believe asking permission for cookies will cause their customers to flee to other websites, and they worry about abandoning some established programs (such as Google Analytics), which require the use of cookies to function properly. As a result, many IT managers feel stuck between compliance (with the possible loss of customers and information) and non-compliance (with possible penalties from the ICO).

The dilemma doesn’t stop with the U.K. Other countries in the European Union will likely implement the PECR soon, so organizations operating anywhere in Europe will need to develop a cookie compliance strategy. It’s not an easy task, though, when a lot of the details remain unclear. For example, it is not yet known how the ICO will find out about errant websites, or if the ICO will respond to non-compliance with fines or just warnings, at least at first.

U.S. organizations are equally baffled by the cookie law. Must a U.S.-based organization comply if it serves customers in the U.K. or anywhere in the European Union? Does it matter where the website is hosted? To answer these questions, we’ve recently published two articles offering advice for U.S. organizations contemplating the cookie law. But even our two expert contributors do not agree on the best course of action. One expert advises U.S. organizations to begin taking proactive steps toward compliance, while another suggests U.S. organizations hold off for now.

As the enforcement date draws near, SearchSecurity.co.UK will continue to bring you updated news and advice from a variety of expert perspectives so you can decide on the best strategy for your organization.
