UK cookie law has troubled start
The introduction of new laws that make it almost impossible to use automatic cookies on UK web pages is already causing problems in practice.
While the May 26 launch of new laws included in the Directive on Privacy and Electronic Communications was well-publicized, initial reports suggest that has not transferred into compliance. There are also concerns the new regulations may have left companies utilizing cloud storage at risk, by requiring them to suddenly have knowledge of the location of the data centers used.
The UK’s Information Commissioner’s Office (ICO), which polices the new directive, describes the policy as an addendum to the country’s existing data protection laws. The regulations require web site operators to gain user consent to cookies in a simple way. In practice, many sites have opted for a pop-up or embedded text box seeking the permission – and the ICO is no exception.
However, by Monday morning many sites had failed to take any action on the updated regulations, sparking questions over whether they would be fined by the ICO for non-compliance. A spokesman told the BBC it would work with companies rather than go down the monetary route, as it recognized the switch over isn’t necessarily easy for all companies.
While companies dealing direct with consumers are one thing, there are also questions about firms that store data in the cloud says Lee Myall, regional director at European fiber operator Interoute. “Organizations will be left with a compliance question mark over whether their cloud provider has saved their data,” he notes.
Myall explains that companies may not know where that data is stored, and so whether it is covered by the new UK regulations. “The fact is that cloud computing pays little regard to physical boundaries and borders,” he points out, adding that the problem has sparked debate on a new regional data protection policy at the European Union.
He argues those new laws may put UK companies off switching to a cloud strategy “at least until a new unified data protection law is agreed across Europe.”