[At-Large] That UK Cookie Law

Carlton Samuels carlton.samuels at gmail.com
Sun May 27 19:05:19 UTC 2012

The updated EU e-Privacy Directives came into effect yesterday, 26th May,

UK law requires website operators to ask a website user’s permission when
placing certain kinds of cookie on their visiting terminal devices, subject
to penalties for infraction.  And the UK's Information Commissioner has
released updated guidelines. Pickup explanations as well as guidelines from


A few observations the law makes no concession to regulations or laws of
the physical place where the site is domiciled.  Neither does it make
distinction for ownership of the terminal device used to access the
website.  It seems to be silent as well on technical complexities such as
cloud computing.  The Regulator concedes "*implied consent*" is indeed a
valid form of consent even as the law requires “*informed consent*”.  Seems
they are all over the shop on this one.

Regardless, site operators bear the burden of a user with difficulties in
understanding the cookie requirement enough to be called 'informed'; The
Regulations are not prescriptive about the sort of information that should
be provided, but the text should be *sufficiently full and intelligible to
allow individuals to clearly understand* the potential consequences of
allowing storage and access to the information collected by the device
should they wish to do so".  Note the term 'clearly understand'. In other
words, user ignorance..........or, worse, congenital disability....is not a

The law does exempts operators from compliance:
1.  When providing purely transit services
2. When providing so-called 'information society' services

The International Chamber of Commerce (ICC) has also issued a useful UK
Cookie [compliance] Guide. See it here:

- Carlton

Carlton A Samuels
Mobile: 876-818-1799
*Strategy, Planning, Governance, Assessment & Turnaround*

More information about the At-Large mailing list