With less than 50 days to go until a major new EU law comes into force governing website cookies, a KPMG analysis of 55 major UK organisations across UK private and public sectors found that 95% were not in compliance with the cookie-related requirements of the EU Directive on Privacy and Electronic Communications and are therefore risking fines of up to £500,000.
The directive becomes enforceable UK law from 26 May 2012. From then on, websites need to obtain users’ opt-in consent first if they install cookies that pass on information about browsing activities to third parties. Non-compliant websites may be subject to a fine.
Yet the analysis showed a surprising lack of compliance with only one asking specifically for opt-in which is the key requirement of the directive. Surprisingly, two sites did not use any cookies at all.
Stephen Bonner, a Partner in the Information Protection and Business Resilience business team at KPMG, said: “With less than 50 days to go before enforcement, our analysis has found that the majority of UK organisations still need to complete substantial work to their websites. Time is running out for them so they need to act to avoid severe financial penalties. Whilst the majority of the websites we analysed made a reference to the use of cookies under either the terms and conditions or specific privacy policies, and some also state how the cookies are being used, this is not enough to ensure compliance with the directive. Organisations now need to focus their efforts on establishing an inventory of their web sites and the cookies currently in use, before evaluating their purpose and establish a pragmatic plan to ensure compliance.”
The analysis was conducted at the end of March 2012 and focused on evaluating cookies set when entering the sites. KPMG also reviewed current terms and conditions and/or privacy policies accessible from the front page. This review revealed that, in addition to the one site already asking specifically for opt-in; only two sites mentioned that they are currently being updated to become compliant before the deadline.
- END -
Notes to Editors:
Top Five Tips for organisations to ensure full compliance of their websites:
- Perform a review of the use of cookies on your website
- Evaluate the information obtained from any cookies currently in use, and whether this information is paramount for your organisation
- Start adding consent requests to cookies related to logon, registration and other similar processes
- Create a plan to expand this activity to the remainder of your website
- Don’t waste any more time: Make sure you know which cookies your sites uses, understand the applicability of the law and seek legal counsel if required and have a concise schedule to make your website compliant
The “EU Directive on Privacy and Electronic Communications” refers to online data protection and privacy. It covers confidentiality of information and the treatment of spam as well as of cookies. The directive came into in effect in May 2011 and will be enforced in the EU states from 26 May 2012.
Cookies are small text files which are used by websites to analyse their visitors’ Internet behavior. The files are stored on a user’s hard disk to enable targeted advertising and personalised web pages. Cookies are also used by e-commerce sites to manage users’ shopping carts.
For further information please contact:
MHP Communications
Lucinda Kemeny / Leo Wood/Emma Bowden
Tel: 0203 128 8758 / 8163 / 8145
Email: lucinda.kemeny@mhpc.com/ leo.wood@mhpc.com/ emma.bowden@mhpc.com
About KPMG
KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and operates from 22 offices across the UK with nearly 11,000 partners and staff. The UK firm recorded a turnover of £1.6 billion in the year ended September 2010. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. We operate in 150 countries and have more than 138,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. KPMG International provides no client services.
