Are the cookie laws crumbling already?

Cookies

COMMENT When there's panic at the top, you know there's trouble. When there's panic at the Information Commissioner's Office (ICO), you know something serious is up.

So when information commissioner Christopher Graham took to the internet last week moaning like some curmudgeonly head teacher that companies "must try harder" to comply with cookie laws, many an eyebrow pointed to the skies. Why did Graham suddenly come out to urge businesses to ensure they are getting user consent before installing cookies? Is anxiety setting in perchance? With just five months left until the deadline for compliance arrives, it appears the ICO is apprehensive.

Who's afraid of the big bad commissioner? In the cookie space, no one. There is little to be afraid of just yet.

It's easy to see why. If the majority of UK companies don't comply, the ICO is going to have a mammoth task enforcing the legislation. Whilst the tonne of extra paper work will undoubtedly chagrin the commissioner, it will be in enacting punitive measures where Graham and the cookie law itself could come undone.

To fine or not to fine?

It's something of a damned if you do, damned if you don't situation for the ICO. If the watchdog just gives companies a slap on the wrist for mishaps, many will simply carry on flaunting the law, unafraid of such tepid deterrents. As we see in the data breach space, just asking offenders to clean up their act does little to curb others' behaviour.

If the ICO wants to punish companies with monetary penalties, however, it will risk its own credibility if there is wide-scale non-compliance. It would be unwise to start slapping swathes of UK businesses with fines, not only from a feasibility standpoint, but from an economic one as well.

Graham has already covered his back on that latter point though, revealing businesses will be given yet more breathing space after the 12-month grace period is over. "There will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there," he said. Of course, that means businesses will simply take longer to comply, if at all.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.