Cookies

Although not an FSA regulatory matter, this is a reminder to firms that operate websites that ‘new’, EU based, legislation has started to bite since the end of May – ‘new’ in the sense that although introduced into the UK on 25 May 2011, firms effectively had 12 months grace to put the requirements into action. For the avoidance of doubt, the regime applies to all firms that operate websites and not just FSA authorised firms.

In brief it is now a requirement that websites should not use cookies – which are basically small files downloaded onto a user’s pc etc. when they access a website – unless a user is both provided with clear information about the purposes of the cookies and has given consent to their use. There are very limited exemptions to the requirement. Regular users of the FSA website will have noticed that a cookie related banner now appears on the home page.

The Information Commissioner’s Office (ICO) has oversight of adherence to the requirements and has produced guidance on what firms need to do. Powers available to the ICO include the issuance of an Enforcement Notice to compel an organisation to take action (failure to comply can be a criminal offence) and, for the most serious cases, the imposition of a monetary penalty up to a maximum of £50,000.

There is also a practical guide, including examples of possible wordage to use, published by the International Chamber of Commerce which firms may find of use.