The Information Commissioner's Office (ICO) is calling for UK websites to "try harder" when it comes to implementing the controversial 'cookie law'.
Changes to the EU Privacy and Electronic Communications Directive, which came into force in May this year in an attempt to protect privacy, require firms to tell web users what information is being stored, and explain the concept of behavioural advertising or adverts tailored to web users based on their browsing activities. As a result, web users are expected to see more pop-ups containing this information when surfing websites.
While cookies that allow web users to store goods in an online shopping basket are exempt from the changes in the directive, those cookies that allow users to store log-in details for sites such as social networks or webmail are affected. However, when the changes came into the force, the ICO said it was giving UK firms one year to comply with the EU legislation.
The ICO has also updated guidance on cookies for UK website owners to include a further explanation of what gaining a web users' 'consent' means, as well as which types of cookies will be exempt from complying with the legislation, such as cookies used for online shopping baskets and those used to keep user data safe.
"The guidance we've issued today builds on the advice we've already set out, and now includes specific practical examples of what compliance might look like," said Information Commissioner Christopher Graham.
"We're half way through the lead-in to formal enforcement of the rules. But, come May 26 next year, when our 12 month grace period ends, there will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there."
Graham added that many UK firms still think that implementing the law is an "impossible task". But he urged them to "get to work".
"Over the last few months we've been speaking to and working with businesses and organisations that are getting on with it and setting the standard. My message to others is – if they can do it, why can't you?"
"Some people seem to want us to issue prescriptive check lists detailing exactly what they need to do to comply. But this would only get in the way and would be too restrictive for many businesses and organisations. Those actually running websites are far better placed to know what will work for them and their customers."
Andreas Edler, managing director for hosting firm Hostway UK said the extra guidance from the ICO has an air of "too little too late".
"Understandably, many businesses have been waiting for this guidance before making decisions regarding the privacy settings on their website. However, as a result they now only have six months to comply," he said.
"As stated previously, the overall legislation has good intentions in aiming to protect people's privacy but it has opened up a minefield of compliance issues. With even the likes of Google admitting that it is struggling to create an effective way to enable it to abide by the new cookie laws, it is clear that the government has misjudged the huge impact the legislation could have on many businesses."