In-depth

Are the cookie laws crumbling already?

They haven't even been enforced yet, but the cookie laws are looking a tad frail already, argues Tom Brewster.

COMMENT When there's panic at the top, you know there's trouble. When there's panic at the Information Commissioner's Office (ICO), you know something serious is up.

So when information commissioner Christopher Graham took to the internet last week moaning like some curmudgeonly head teacher that companies "must try harder" to comply with cookie laws, many an eyebrow pointed to the skies. Why did Graham suddenly come out to urge businesses to ensure they are getting user consent before installing cookies? Is anxiety setting in perchance? With just five months left until the deadline for compliance arrives, it appears the ICO is apprehensive.

Who's afraid of the big bad commissioner? In the cookie space, no one. There is little to be afraid of just yet.

It's easy to see why. If the majority of UK companies don't comply, the ICO is going to have a mammoth task enforcing the legislation. Whilst the tonne of extra paper work will undoubtedly chagrin the commissioner, it will be in enacting punitive measures where Graham and the cookie law itself could come undone.

Advertisement
Advertisement - Article continues below

To fine or not to fine?

It's something of a damned if you do, damned if you don't situation for the ICO. If the watchdog just gives companies a slap on the wrist for mishaps, many will simply carry on flaunting the law, unafraid of such tepid deterrents. As we see in the data breach space, just asking offenders to clean up their act does little to curb others' behaviour.

If the ICO wants to punish companies with monetary penalties, however, it will risk its own credibility if there is wide-scale non-compliance. It would be unwise to start slapping swathes of UK businesses with fines, not only from a feasibility standpoint, but from an economic one as well.

Graham has already covered his back on that latter point though, revealing businesses will be given yet more breathing space after the 12-month grace period is over. "There will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there," he said. Of course, that means businesses will simply take longer to comply, if at all.

Featured Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now
Advertisement

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019