WIREDGOV

Businesses and other organisations running websites in the UK must ‘wake up’ to the fact that EU legislation, which will require them to get consent in order to store or access information on consumers’ computers, is coming into force soon, Information Commissioner Christopher Graham will say today in a speech at the ICO’s annual Data Protection Officer conference in Manchester.

The new law, which will come into force on 25 May 2011, is an amendment to the EU’s Privacy and Electronic Communications Directive. It will require UK businesses and other organisations to obtain consent from visitors to their websites in order to store on and retrieve usage information from users’ computers.

One common technique of storing information is widely known as a cookie. This is a small file that a website puts on a user’s computer so that it can remember something, for example the user’s preferences, at a later time. The majority of businesses and organisations in the UK currently use cookies for a wide variety of reasons – from analysing consumer browsing habits to remembering a user’s payment details when buying products online.

Information Commissioner, Christopher Graham, said:

"While the roll out of this new law will be a challenge, it will have positive benefits as it will give people more choice and control over what information businesses and other organisations can store on and access from consumers’ own computers.

"The Directive will come into force in less than two months time and businesses and organisations running websites in the UK must wake up to the fact that this is happening. We are proactively working with the government, businesses and the public sector to find a workable solution. We recognise that the internet as we know it today depends on the widespread use of cookies and there are of course legitimate business reasons for using them. So we are clear that these changes must not have a detrimental impact on consumers nor cause an unnecessary burden on UK businesses. One option being considered is to allow consent to the use of cookies to be given via browser settings.

"Once the new regulations are published there will be a major job of education and guidance to be undertaken. In the meantime, both the business community and public sector organisations need to start thinking clearly about how they will meet the requirements of the new Directive."

The Department for Culture, Media and Sport is leading on implementing the new measures in the UK while the ICO will be responsible for regulation.

Commenting on the Directive, Minister for Culture, Communications and the Creative Industries, Ed Vaizey, said:

"Revisions to the e-Privacy Directive will provide consumers with more choice and control over their internet experience. But at the same time

we need to make sure these changes do not make using the internet more difficult.

"Businesses need to be working to address the way they use cookies.

We recognise that work will not be complete by the implementation deadline. The government is clear that it will take time for meaningful solutions to be developed, evaluated and rolled out.

"We recognise this could cause uncertainty for businesses and consumers. Therefore we do not expect the ICO to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies."

The ICO’s annual Data Protection Officers conference will take place today at Manchester Central and will be attended by 500 delegates from around the UK. Minister of State at the Ministry of Justice, Lord McNally – the government lead on information rights – will be giving a keynote address, outlining government policy on information rights. The Minister is expected to speak about the penalties that can be served for failing to comply with the Data Protection Act as well as the future powers of the ICO.

Justice Minister Lord McNally said:

"A strong and independent Information Commissioner is vital to ensuring our personal data is kept safe, as well as keeping public bodies open to scrutiny. The government recently announced measures to enhance the ICO’s independence even further, by giving it more freedom to make corporate and operational decisions.

"As technology advances it brings new opportunities, but also new ways our data can be misused, which is why we have been gathering evidence

on how the current data protection laws are working and considering ideas on how the current data protection regime can be improved."

Other speakers at the conference include the ICO’s Deputy Commissioners David Smith and Graham Smith, as well as Jose Manuel de Frutos Gomez from the European Commission.

If you need more information, please contact the ICO press office on

0303 123 9070 or visit the website at: www.ico.gov.uk.

Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter. Our For the media page provides more information for journalists.