VNU Net: Cookies crumble under data protection legislationFeb 28, 2000, 16:16 (3 Talkback[s])
(Other stories by Lisa Kelly)
By Lisa Kelly, VNU Net
Many UK ecommerce companies could soon be breaking the law by illegally using technology that tracks website users' personal data.
On 1 March the updated Data Protection Act 1998 comes into effect. This will enable individuals to take legal action against those who process data about them without their active consent.
The latest data protection legislation makes cookie technology - programmes downloaded from a website owner's computer to a user's computer, allowing users subsequent site accesses to be tracked - illegal unless it is transparent.
Dai Davis, head of the IT Group at law firm Nabarro Nathanson, said: "The Act will make this relatively little known but potentially extensive use of personal data through cookie technology illegal, unless it is made transparent to data subjects what information has been collected and how it is likely to be used."
Davis said the change in the laws will place European businesses at a competitive disadvantage to countries operating from outside Europe, which do not have to comply with the new legislation, such as the US where "data protection is anathema".
"This is another case of the European Commission shooting European companies in the foot and one which is potentially highly damaging," said Davis.
James Roper, chief executive of industry body the Interactive Media Retail Group, said the legislation will damage UK ecommerce.
"It will put us at a disadvantage to the US," he said. "The serious companies that we urgently need to engage in ecommerce cannot break the law, so they will try to do it properly at a great cost or management burden which could prevent them from making steps into ecommerce.
"There is a transitional provision in the 1998 Act for companies that have had a site using cookies to monitor use of the internet before 24 October 1998. They will have until 24 October 2001 to comply."