The cookie law could lead to small websites being hit by a regulator's fine.
Speaking to SC Magazine, Eduardo Ustaran, lawyer at Field Fisher Waterhouse, claimed that the Information Commissioner's Office (ICO) will never get to the stage where it is able to fine over cookie compliance.
He said: “They will not issue a fine, instead they will issue an enforcement notice to a company. We are starting to see the ICO talking to companies with heavy traffic asking them ‘what have you done?'.
“The ICO can either wait for complaints, or to serve a report on a data breach, but they are now taking a proactive step to identify the biggest website operators and talking to them.”
Stewart Room, partner at Field Fisher Waterhouse, said that the ICO has taken a compliance-driven approach for the year since the laws came into force, but he asked whether a new tack was necessary.
Ustaran said: “They will be frustrated that it is not being complied with, but some businesses are not seeing this as something to ignore. There are no cases that try to catch up with technology and produce awkward results. The law is trying to keep up with technology and trying to comply with it.”
Room said that the issue could replicate that of Bodil Lindqvist from 2003; she ran a website for her church in the town of Alseda in Sweden and was prosecuted for posting sensitive data on some of the members. Details of the case are available here.
“This went up to the European Court of Justice and that is where the cookie law is taking us, it is the blogger phenomena where simple websites will be the next Bodil Lindqvist,” Room said.
“Then the data-protection community came out in support, but like [it does with] the public sector, is the ICO going to go after small websites?”