Most UK e-commerce sites will have to change the way they handle customer data in order to comply with new laws, according to new research. Most of the UK's busiest e-commerce Web sites do not comply with a new UK data protection law that restricts the way companies may store customer data, according to a study. The Privacy and Electronic Communications Regulations 2003 -- Britain's implementation of the EU Privacy and Electronic Communications Directive, and came into force on 11 December -- makes it an offence for a UK company to send junk email or text messages to personal addresses, unless the recipient is an existing customer or has given their permission to receive such material. Firms who flout the law could face a £5,000 fine for each breach.
The new law also covers cookies, which are small files that are placed on a user's hard drive by a Web site to help it to identify the user. Web sites using cookies will now have to offer clear and explicit information about how the cookies are being used, as well as an option for users to refuse them. Cookies are generally used to allow sites to remember a user's details, such as login information. If implemented properly, they are generally considered not to pose a threat to users' privacy.
Of the UK's top 90 e-commerce sites, nearly a quarter had no privacy policy at all, and almost none complied with best practice recommendations on cookies, according to a study by e-commerce software maker WebAbacus.
View: The full story
News source: ZDNet UK