Are the cookie laws crumbling already?
They haven't even been enforced yet, but the cookie laws are looking a tad frail already, argues Tom Brewster.
COMMENT When there's panic at the top, you know there's trouble. When there's panic at the Information Commissioner's Office (ICO), you know something serious is up.
So when information commissioner Christopher Graham took to the internet last week moaning like some curmudgeonly head teacher that companies "must try harder" to comply with cookie laws, many an eyebrow pointed to the skies. Why did Graham suddenly come out to urge businesses to ensure they are getting user consent before installing cookies? Is anxiety setting in perchance? With just five months left until the deadline for compliance arrives, it appears the ICO is apprehensive.
Who's afraid of the big bad commissioner? In the cookie space, no one. There is little to be afraid of just yet.
It's easy to see why. If the majority of UK companies don't comply, the ICO is going to have a mammoth task enforcing the legislation. Whilst the tonne of extra paper work will undoubtedly chagrin the commissioner, it will be in enacting punitive measures where Graham and the cookie law itself could come undone.
To fine or not to fine?
It's something of a damned if you do, damned if you don't situation for the ICO. If the watchdog just gives companies a slap on the wrist for mishaps, many will simply carry on flaunting the law, unafraid of such tepid deterrents. As we see in the data breach space, just asking offenders to clean up their act does little to curb others' behaviour.
If the ICO wants to punish companies with monetary penalties, however, it will risk its own credibility if there is wide-scale non-compliance. It would be unwise to start slapping swathes of UK businesses with fines, not only from a feasibility standpoint, but from an economic one as well.
Graham has already covered his back on that latter point though, revealing businesses will be given yet more breathing space after the 12-month grace period is over. "There will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there," he said. Of course, that means businesses will simply take longer to comply, if at all.
In This Article
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now