The majority of the UK’s eCommerce companies have not implemented changes which bring their websites into line with the latest privacy legislation, a major business advisory firm says.
A survey by KPMG found that over 80% of sites, including many major organisations, had not complied with the European Union’s Directive on Privacy and Electronic Communications, commonly known as the ‘cookie law’.
The directive, which came into force on May 28 and 29, states that eCommerce companies must obtain ‘implied consent’ from users before installing cookies on their machines. Failure to comply with the directive could result in businesses being fined as much as £500,000.
KPMG first analysed the same websites in March and found only one of those assessed was compliant with the forthcoming law. Since then the number has risen to ten, however KPMG says most of these only comply with the bare minimum required by the law.
“There is clearly some progress in that the Cookie Law has had an effect on a number of website providers. However, what we have also seen is a great deal of confusion around what is actually required to comply with the law,” said Stephen Bonner of KPMG.
“Therefore, many organisations take a wait and see approach at this stage. Some also seem to assume that the measures they have taken so far are sufficient – but they are not.”
Bonner called on eCommerce businesses to be more upfront with customers
“While there is still much confusion, there is also a call for organisations to adopt a more basic approach towards these requirements; informing customers upfront when you are collecting and analysing information about them builds trust and confidence in your organisation as a whole.”