By Eleanor Treharne-Jones, CIPP/E, Director, EMEA & Global Communications
Results from the recent EU Cookie Sweep have now been released. The sweep was conducted last September by European data protection authorities from the UK, Denmark, Czech Republic, France, Greece, the Netherlands, Spain and Slovenia to determine how many popular websites are compliant with the EU Cookie Directive. The data protection authorities completed the review of 478 popular websites and found that not enough notice and valid consent is being given to visitors.
The sweep, led by the UK’s Information Commissioner’s Office (ICO), found that UK. websites place 44 cookies on a first visit, higher than any other country surveyed (the average is 34). However, UK websites provide more information than any other country surveyed — highlighting the importance transparency plays with regard to consumer trust.
According to one survey from Ipsos MORI, more than half of consumers in Great Britain, France, Germany and the Netherlands expect advertisers to comply with the EU Cookie Directive.
The sweep also uncovered:
- 26% of websites provide no notification that cookies are being used. Of those that do provide notification, 50% merely inform users that cookies were in use without requesting consent.
- The expiry dates for cookies are often excessive; the investigation detected some which will not expire until Dec. 31, 9999 (8,000 years in the future!).
This recent sweep indicates that many website operators have put in place solutions to comply with the Cookie Directive. But the potential for further enforcement and possible fines is still very real. In France, the Netherlands and other European countries companies are rushing to implement solutions to comply since regulatory agencies have shown they are ready to fine companies that don’t abide by the rules. Often, the biggest hurdle for companies is compliance. With so many approaches to data privacy implementation across European markets, compliance can be both complicated and time consuming for internal teams to take on.
The EU Cookie Directive was introduced on 26 May 2011. The Directive requires that companies provide clear information about how cookies are used on websites and give visitors the option to have non-essential cookies placed on their device.
More information about complying with EU Cookie Directive can be found here.