The introduction of the EU cookie law on Saturday was met with criticism for the introduction of “implied consent” during final changes to the law.
According to the Guardian, two days before the law was enforced, the Information Commissioner's Office (ICO) released an updated version of advice allowing websites to assume they have consent from users, resulting in a shift in responsibility to the user rather than the website.
Businesses displayed much concern prior to the arrival of the cookie law, with many criticising the ICO for the law’s ambiguity. Research from the DMA last week revealed 47% of marketers lacked confidence that their efforts to gain consumer consent to place cookies on their devices will meet the requirements.
To address these concerns, the ICO said it would not take immediate action over non-compliant sites, despite launching a tool for users to report such behaviour.
Econsultancy highlighted how bigger brands such as Channel 4, BBC, The Guardian and The Telegraph are using different approaches to the enforcement of the EU e-Privacy Directive.
Rob Rachwald, director of Security Strategy at Imperva evaluated the advantages and disadvantages of the law.
He said: “The good news? Most consumers have no clue about what cookies do and just how much personal information they help websites harvest. Websites and internet technology have become so complex that it is impossible for a typical consumer to understand the implications of a simple click. This law will hopefully help people understand that cookies are the keys to personal information and present a threat if exploited, stolen, altered, harvested or hijacked.”
Speaking on the ambiguity claims, Rachwald said: “In the past, regulators have made regulations intentionally vague. The legislative thinking is that ambiguity forces the private sector to experiment with different approaches until somewhere, somehow someone finds the right way. The rest of the market soon follows the lead. But the lesson from PCI is that suggesting a precise approach — even one created by the private sector—removes a lot of guesswork and the time to compliance accelerates. For some time, we can expect to see a lot of confused consumers and companies.”