Are you cookie compliant?

Licensed venues with an online presence should make sure they comply with new European regulations, writes solicitor Claire McCracken

IF your business operates a website, you should be aware of the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.

The regulations have introduced changes to the law in relation to the use of ‘cookies’ which will affect all licence holders that run a website.
For those less than familiar with technology, a cookie is a small file comprised of letters and numbers which is commonly used by a website operator to make a website user’s experience more efficient.
Cookies will collect information about the user’s online activity while the user is browsing the website – for example, they can track the movements of the user as they navigate the website – and then will store these preferences on the user’s browser.
We are well aware of how important websites are, given that customers often look venues up online before trying them out.
Now, if your licensed premises operates a website which uses cookies or similar devices, it is also important that you comply with the regulations. You must now ensure that all visitors to your website are aware: that information is being collected from them; and the purpose for which this information is being used.
You must also obtain the user’s express consent to the use of cookies.
The UK’s privacy watchdog, the Information Commissioner’s Office (ICO), advises consent must involve some form of communication where the user knowingly indicates their acceptance to the use of cookies.
The key point is that you need to be upfront with users about how your website operates.
The only exception is where the use of a cookie is ‘strictly necessary’ for a service requested by the user.
This is clearly a very narrow exemption; for example, where information is stored in a customer’s online shopping basket in order to complete a purchase transaction or where a customer is making a booking or reservation.
Although the new laws came into force on May 26, 2011, the ICO gave organisations a one year grace period prior to taking any enforcement action.
That means ever since May 26 this year all websites have had to be comply with the regulations.
We would recommend that you follow the ICO guidance by checking what type of cookies you use and how you use them by carrying out a comprehensive cookie audit of your website.
You must then ensure that your website provides information about the cookies you use and that you obtain the consent of all users of your website for such use.
The ICO is aware that the appropriate solution will depend on the nature of your own website and it suggests various methods for obtaining consent. The most common method has been the use of a ‘pop-up’ asking for consent.
The ICO can take action against you as a website owner for non-compliance and, significantly, it has the power to impose a maximum fine of £500,000. You must therefore ensure that any website operated by your licensed premises complies with the regulations now or you risk being fined.
• Claire McCracken is a senior associate at law firm Tods Murray LLP.

Image: Non-compliance with the regulations can lead to a £500,000 fine, McCracken says.