UK orgs urged to clean up cookies as enforcement heats up

Increasing focus on enforcement of EU cookie regulations highlights importance of compliance for organisations to avoid fines, lawsuits, and impact on cybersecurity.


Cookie law enforcement activity is putting pressure on organisations across Europe to ensure compliance with regulations. As a result, UK businesses have been urged to address their cookie compliance positions to avoid regulatory action and cybersecurity consequences.

In the EU, cookies are regulated by the General Data Protection Regulation (GDPR) and the so-called Cookie Directive (the latter in the process of being updated)—both of which can result in severe penalties for non-compliance and must be adhered to by UK organisations if they have a website presence and/or customers based in EU countries.

Cookie law enforcement pressures intensify

On May 31, Max Schrems’ pressure group My Privacy is None of Your Business (NOYB) announced possible action against 560 websites and the possibility of a further 10,000 complaints about cookie control panels, claiming that organisations in as many as 33 countries are failing to offer ‘deny all’ options or easy ways to withdraw consent for users. NOYB also cited privacy concerns about some vendors of cookie management tools. It stated that if the recipients do not comply with cookie laws within a month, it will file formal complaints with the relevant European Data Protection Authorities (DPAs).

It is not only NOYB that is stirring the cookie law enforcement pot across Europe either. Last week, the Commission nationale de l’informatique et des libertés (CNIL) in France announced action against around 20 organisations (which has the potential to impact any UK organisation the DPA judges to be intent on targeting French visitors), whilst German regulators have also revealed a new data protection sweep exercise including a greater focus on cookie compliance.

