In-depth

Are the cookie laws crumbling already?

They haven't even been enforced yet, but the cookie laws are looking a tad frail already, argues Tom Brewster.

COMMENT When there's panic at the top, you know there's trouble. When there's panic at the Information Commissioner's Office (ICO), you know something serious is up.

So when information commissioner Christopher Graham took to the internet last week moaning like some curmudgeonly head teacher that companies "must try harder" to comply with cookie laws, many an eyebrow pointed to the skies. Why did Graham suddenly come out to urge businesses to ensure they are getting user consent before installing cookies? Is anxiety setting in perchance? With just five months left until the deadline for compliance arrives, it appears the ICO is apprehensive.

Advertisement - Article continues below

Who's afraid of the big bad commissioner? In the cookie space, no one. There is little to be afraid of just yet.

It's easy to see why. If the majority of UK companies don't comply, the ICO is going to have a mammoth task enforcing the legislation. Whilst the tonne of extra paper work will undoubtedly chagrin the commissioner, it will be in enacting punitive measures where Graham and the cookie law itself could come undone.

To fine or not to fine?

It's something of a damned if you do, damned if you don't situation for the ICO. If the watchdog just gives companies a slap on the wrist for mishaps, many will simply carry on flaunting the law, unafraid of such tepid deterrents. As we see in the data breach space, just asking offenders to clean up their act does little to curb others' behaviour.

Advertisement
Advertisement - Article continues below

If the ICO wants to punish companies with monetary penalties, however, it will risk its own credibility if there is wide-scale non-compliance. It would be unwise to start slapping swathes of UK businesses with fines, not only from a feasibility standpoint, but from an economic one as well.

Advertisement - Article continues below

Graham has already covered his back on that latter point though, revealing businesses will be given yet more breathing space after the 12-month grace period is over. "There will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there," he said. Of course, that means businesses will simply take longer to comply, if at all.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Most Popular

Visit/security/ransomware/355891/nasa-it-contractor-ransomware-hack
ransomware

Ransomware collective claims to have hacked NASA IT contractor

3 Jun 2020
Visit/data-insights/data-science/355678/how-data-science-is-transforming-business
Sponsored

How data science is transforming business

29 May 2020
Visit/mobile/5g/355911/the-uk-pivots-to-japan-for-5g-equipment
5G

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020