All UK sites have been given until 26 May to make sure visitors are able to give "informed consent" over cookies.
Cookies are pieces of personal data stored when users browse the web.
The Cabinet Office said the government was "working to achieve compliance at the earliest possible date".
Once the new rules take force, consent will most likely be obtained by ticking a "yes" box when visiting a site - although other approaches have been suggested.
The regulations are designed to protect user privacy when using the web.
"As in the private sector, where it is estimated that very few websites will be compliant by the 26th May, so it is true of the government estate," a Cabinet Office spokesman told the BBC.
"The majority of department websites will not be compliant with the legislation by that date."
Showing 'commitment'The BBC understands that the sites, which range from those run by local councils to national departments, have been told that no action will be taken by the Information Commissioner's Office (ICO) over the deadline miss - provided they were "showing a commitment" to eventually make changes.
Continue reading the main storyCookies are small files that allow a website to recognise and track users. The ICO groups them into three overlapping groups:
Session cookies
Files that allow a site to link the actions of a visitor during a single browser session. These might be used by an internet bank or webmail service. They are not stored long term and are considered "less privacy intrusive" than persistent cookies.
Persistent cookies
These remain on the user's device between sessions and allow one or several sites to remember details about the visitor. They may be used by marketers to target advertising or to avoid the user having to provide a password each visit.
First and third-party cookies
A cookie is classed as being first-party if it is set by the site being visited. It might be used to study how people navigate a site.
It is classed as third-party if it is issued by a different server to that of the domain being visited. It could be used to trigger a banner advert based on the visitor's viewing habits.
"The impression I'm getting from the ICO is that even if there are complaints and you're found not to be compliant, unless it can be shown your intent was to avoid compliance, then they would work with you," said Mike MacAuley from the Local Government Association, which has hosted discussions on the issue.The ICO did not want to comment on the issue when contacted by the BBC.
On 26 May the UK's Information Commissioner's Office (ICO) imposes an EU directive designed to protect internet users' privacy.
The law says that sites must provide "clear and comprehensive" information about the use of cookies.
In computing, cookies are small text files that help organise and store browsing information. However, cookies are increasingly being used to power targeted advertising, by gathering data about sites visited and search terms used.
It is these "tracking" cookies, which users do not often know about, which the EU hopes to clamp down on with the regulations.
The deadline had originally been set for May last year. However, the ICO - which will be enforcing the rules in the UK - decided to give firms an extra year to comply with the laws in order to avoid an "overnight" change.
At the time, communications minister Ed Vaizey said: "It will take some time for workable technical solutions to be developed, evaluated and rolled out so we have decided that a phased in approach is right."
'No problem'While government websites do not carry advertising, cookies are still used to carry out various tasks, such as helping site administrators monitor levels of traffic.
"If people listen to our advice and are prepared to take steps towards compliance there shouldn't be a problem," Dave Evans, the ICO's group manager for business and industry, told E-Consultancy last month.
"However, if businesses deliberately stop short of total compliance, then there is a risk."
Mr MacAuley said meetings had been held earlier this month between the LGA's members and the ICO to discuss how best to comply.
"I think the issue is really more about what the spirit of the regulations is intended to prevent," he said.
"They're intended to prevent any kind of malicious exploitation of cookies, or any wilful avoidance of the regulations. I think the ICO takes a very dim view of that.
"However I don't think local governments would in any way try to do either of those things."
Business frustrationVinod Bange, a lawyer for Taylor Wessing who has spent time consulting companies who are cautious of the changes, said the small number of businesses who have invested in meeting the guideline deadline could be left feeling frustrated.
The ICO's website has implemented its own consent mechanism on its site"There will be some companies out there wondering why they've gone to the expense, and committed a lot of resource, into trying to tackle a problem which is not going to be enforced," he said.
In the interview with E-Consultancy, the ICO's Mr Evans said there would not be a team of investigators seeking out infringing sites, but would act on complaints.
"How likely it is that complaints will flood in, we don't know," he said.
"It may be that the great British public simply isn't that concerned about cookies."
No comments:
Post a Comment