Cookie law deferred for one year Published duration 25 May 2011

media caption EU law restricting cookies from websites comes into effect

UK websites are being given one year to comply with EU cookie laws, the Information Commissioner's Office has said.

The UK government also sought to reassure the industry that there would be "no overnight changes".

The EU's Privacy and Communications Directive comes into force on 26 May.

It requires user's consent before using cookies - the text files that help organise and store browsing information.

Technically all firm must comply with the law but the UK has said that it needs more time to find a workable solution.

The government said that it was looking for a "business-friendly" solution and believed in light-touch regulation.

"We recognise that some website users have real concerns around online privacy but also recognise that cookies play a key role in the smooth running of the internet," said communications minister Ed Vaizey.

"But it will take some time for workable technical solutions to be developed, evaluated and rolled out so we have decided that a phased in approach is right," he added.

Do Not Track

The government has formed a working group with browser manufacturers to see if a browser-based solution to the issue can be found.

Microsoft's IE9 and the latest verson of Mozilla's Firefox already offer a setting to protect users from services which collect and harvest browser data and Google is working at integrating so-called 'Do Not Track' technologies into their Chrome browser.

A spokesman for the Department for Culture, Media and Sport admitted that there may be "other technical solutions" but that the browser solution was the only one it was currently pursuing.

Grégory Roekens, chief technology officer for marketing firm Wunderman, agreed that in-browser functionality would work best for consumers and website owners.

"It would be less intrusive that a free-for-all that lets website owners come up with their own solution," he said.

Cookies can be used for a variety of purposes. They can be used by third-parties to analyse consumer browsing habits but they can also be useful to users, remembering payment details when buying products online, for example.

Privacy groups, which pushed for greater regulation on cookies, want to see users able to give consent to every cookie presented to them.

Challenging

Such multiple consent forms would have a disruptive effect on the browsing experience, argue online firms.

"We need to think about the end users," continued Mr Roekens. "We need to make sure we don't have pop-ups appearing everywhere."

The Information Commissioner's Office (ICO) has been charged with enforcing the new rules, when they are drawn up.

Information Commissioner Christopher Graham admitted he is torn between the needs of industry and the rights of consumers.

He said that the new rules on cookies were "challenging".

"It would obviously ruin some users' browsing experience if they needed to negotiate endless pop-ups - and I am not saying that businesses have to go down that road," he said.

"Equally I have to remember that this law has been brought in to give consumers more choice about what companies know about them," he added.

Mr Graham said that the one year's grace he was offering to UK online firms "did not let everyone off the hook", hinting that he would take a dim view of firms which had done nothing by this time next year.

He also said that the ICO website was taking the lead by introducing a header bar giving users information about the cookies it uses and offering choices about how to manage them.