Cookies: Majority of government sites to miss deadline By Dave Lee

Technology reporter, BBC News Published duration 16 May 2012

image caption The UK government has a vast portfolio of services available online, such as this Directgov portal

Ahead of a nationwide deadline over regulating the use of cookies, the BBC has learned that the "majority" of the UK government's own websites will fail to comply in time.

All UK sites have been given until 26 May to make sure visitors are able to give "informed consent" over cookies.

Cookies are pieces of personal data stored when users browse the web.

The Cabinet Office said the government was "working to achieve compliance at the earliest possible date".

Once the new rules take force, consent will most likely be obtained by ticking a "yes" box when visiting a site - although other approaches have been suggested.

The regulations are designed to protect user privacy when using the web.

"As in the private sector, where it is estimated that very few websites will be compliant by the 26th May, so it is true of the government estate," a Cabinet Office spokesman told the BBC.

"The majority of department websites will not be compliant with the legislation by that date."

Showing 'commitment'

The BBC understands that the sites, which range from those run by local councils to national departments, have been told that no action will be taken by the Information Commissioner's Office (ICO) over the deadline miss - provided they were "showing a commitment" to eventually make changes.

"The impression I'm getting from the ICO is that even if there are complaints and you're found not to be compliant, unless it can be shown your intent was to avoid compliance, then they would work with you," said Mike MacAuley from the Local Government Association, which has hosted discussions on the issue.

The ICO did not want to comment on the issue when contacted by the BBC.

On 26 May the UK's Information Commissioner's Office (ICO) imposes an EU directive designed to protect internet users' privacy.

The law says that sites must provide "clear and comprehensive" information about the use of cookies.

In computing, cookies are small text files that help organise and store browsing information. However, cookies are increasingly being used to power targeted advertising, by gathering data about sites visited and search terms used.

It is these "tracking" cookies, which users do not often know about, which the EU hopes to clamp down on with the regulations.

The deadline had originally been set for May last year. However, the ICO - which will be enforcing the rules in the UK - decided to give firms an extra year to comply with the laws in order to avoid an "overnight" change.

At the time, communications minister Ed Vaizey said: "It will take some time for workable technical solutions to be developed, evaluated and rolled out so we have decided that a phased in approach is right."

'No problem'

While government websites do not carry advertising, cookies are still used to carry out various tasks, such as helping site administrators monitor levels of traffic.

"If people listen to our advice and are prepared to take steps towards compliance there shouldn't be a problem," Dave Evans, the ICO's group manager for business and industry, told E-Consultancy last month

"However, if businesses deliberately stop short of total compliance, then there is a risk."

Mr MacAuley said meetings had been held earlier this month between the LGA's members and the ICO to discuss how best to comply.

"I think the issue is really more about what the spirit of the regulations is intended to prevent," he said.

"They're intended to prevent any kind of malicious exploitation of cookies, or any wilful avoidance of the regulations. I think the ICO takes a very dim view of that.

"However I don't think local governments would in any way try to do either of those things."

Business frustration

Vinod Bange, a lawyer for Taylor Wessing who has spent time consulting companies who are cautious of the changes, said the small number of businesses who have invested in meeting the guideline deadline could be left feeling frustrated.

image caption The ICO's website has implemented its own consent mechanism on its site

"There will be some companies out there wondering why they've gone to the expense, and committed a lot of resource, into trying to tackle a problem which is not going to be enforced," he said.

In the interview with E-Consultancy, the ICO's Mr Evans said there would not be a team of investigators seeking out infringing sites, but would act on complaints.

"How likely it is that complaints will flood in, we don't know," he said.