Are the cookie laws crumbling already?
They haven't even been enforced yet, but the cookie laws are looking a tad frail already, argues Tom Brewster.
COMMENT When there's panic at the top, you know there's trouble. When there's panic at the Information Commissioner's Office (ICO), you know something serious is up.
So when information commissioner Christopher Graham took to the internet last week moaning like some curmudgeonly head teacher that companies "must try harder" to comply with cookie laws, many an eyebrow pointed to the skies. Why did Graham suddenly come out to urge businesses to ensure they are getting user consent before installing cookies? Is anxiety setting in perchance? With just five months left until the deadline for compliance arrives, it appears the ICO is apprehensive.
Who's afraid of the big bad commissioner? In the cookie space, no one. There is little to be afraid of just yet.
It's easy to see why. If the majority of UK companies don't comply, the ICO is going to have a mammoth task enforcing the legislation. Whilst the tonne of extra paper work will undoubtedly chagrin the commissioner, it will be in enacting punitive measures where Graham and the cookie law itself could come undone.
To fine or not to fine?
It's something of a damned if you do, damned if you don't situation for the ICO. If the watchdog just gives companies a slap on the wrist for mishaps, many will simply carry on flaunting the law, unafraid of such tepid deterrents. As we see in the data breach space, just asking offenders to clean up their act does little to curb others' behaviour.
If the ICO wants to punish companies with monetary penalties, however, it will risk its own credibility if there is wide-scale non-compliance. It would be unwise to start slapping swathes of UK businesses with fines, not only from a feasibility standpoint, but from an economic one as well.
Graham has already covered his back on that latter point though, revealing businesses will be given yet more breathing space after the 12-month grace period is over. "There will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there," he said. Of course, that means businesses will simply take longer to comply, if at all.
In This Article
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now