Prior to May 2011, the owners of UK websites were legally permitted to set up a system whereby small data files called “cookies” could be automatically installed onto the hard drive of the computers of any visitors (to the website). These cookies record the on-line browsing activities of the visitor – both for the essential purpose of facilitating certain transactions (such as the sale of a product), and for the less essential purpose of targeted advertising.
On 25 May 2011, however, the UK implemented new EU Regulations which essentially require the consent of the consumer/ website user before a cookie is installed on his/her computer. The Regulations recognise the fact that certain information needs to be retained in order for an on-line transaction to take place. Therefore it qualifies the rule by applying it to any personal information which is not “strictly necessary”.
The UK authorities allowed for a 12-month “grace period” which is due to end on 26 May 2012, which means that a breach of the new law could mean a monetary penalty – and in some cases even a criminal prosecution, if deemed serious.