[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Thursday, 11 December, 2003, 01:52 GMT
Top UK sites 'fail privacy test'
Computer user
Net users should be able to reject cookies easily if they wish
Most top UK websites are breaking new rules which require them to do more to protect web users' privacy.

WebAbacus research found 98% do not give enough information about the text files which track user movements, or provide a single-click opt-out option.

"Companies are either not aware of the legislation, or are ignoring it," said Ian Thomas from WebAbacus.

The Privacy and Electronic Communications Regulation, effective on Thursday, also aims to control spam.

Cookies data

The Information Commissioner - the organisation which enforces the regulations - was "very surprised" so many websites were not doing what is required, even though these regulations have been on the horizon for a long time.

"There should be transparency. People should know what is going on with the information collected about them," Phil Jones, assistant information commissioner, told BBC News Online.

24%: No privacy policy
12%: Privacy policy, but no information about cookies
53%: Privacy policy, with information about cookies (might include reference to blocking cookies through a browser)
8%: Privacy policy, with information about cookies and detailed instruction blocking cookies through a browser
2%: Single click opt-out (compliant)

"People should recognise that the information collected is only benign - but they should be alerted to the ways that data is going to be used."

He added he hoped that the situation would improve "fairly quickly".

WebAbacus surveyed 90 of the UK's most popular websites on the day before the rules came into force and found that 24% did not even have any kind of privacy policy.

Only 2% were totally compliant with the rules.

Making them plain

Websites use cookies, small text files deposited on a website visitor's computer, for different reasons.

They give websites a "memory", and are mainly used for identification purposes, or remembering registration details. Others use them to target returning visitors with relevant services and information.

It will have zero effect on the vast majority of spammers who care little about the law
Mebs, London

Although usually benign, care needs to be taken to ensure poorly-designed websites are not able to store confidential information, like credit card numbers, on users' machines without any encryption or security, according to Mr Thomas.

The rules on cookies, set out in regulation six of the new digital privacy legislation, aim to ensure they are not misused.

What they are, their purpose and how to reject them should be explained clearly, in non-technical language, say the rules.

"Users should not be concerned about websites that use cookies," Mr Thomas said.

"Indeed, it is very difficult for websites to provide useful features and services without cookies."

But he added there was "no excuse" for sites not to provide users with a single click opt-out, because it is very simple to do.

Most of the legislation's focus is on the rules that try to curb spam, which now accounts for more than half of all e-mail traffic.

Spam attack

The new laws are the UK's interpretation of the requirements of the EU Directive on Privacy and Electronic Communications that demands member states do more to combat spam.

The UK law tries to create a system that lets legitimate businesses send direct e-mail to users but attempts to stop the scammers and spammers by punishing them with fines.

Companies can send unsolicited mail to customers who have agreed to receive it.

Unsolicited spam can be sent to companies, but it must have an opt-out clause inside it.

Spam graphic
Critics say the spam regulations 'lack bite'
Spam to consumers is banned.

Research by the Direct Marketing Association and e-mail marketing firm Experian showed that 26% of marketers are confused about the new directive and do not know what impact it will have on their business.

Critics of the UK approach say the laws do not go far enough.

"The whole problem with these laws is that they are geared to spammers being honest and respecting laws," said Steve Linford, founder of anti-spam organisation The Spamhaus Project.

"And of course there are no honest spammers - the whole profession is based on deceit."

Others pointed out that they will make little difference to the amount of junk mail people receive.

Filtering firm Clearswift pointed out that the regulations only apply to firms within Europe but the majority of unwanted - and offensive - spam comes from the US.

Alyn Hockey, Clearswift's Director of Research, said it was encouraging that the authorities recognised the growing irritation with spam.

"But," he added, "what about all the mail emanating from abroad? It's hardly going to discourage the spamming hardcore from peddling their wares."

The fines that the regulations impose are also too light say critics. Junk mailers face a fine of about 5,000 for sending unwanted mail.

Anti-virus and spam fighting firm Avecho said net service providers could do much more to combat spam.

It proposes setting up a caller identification system for the net similar to that operating on fixed phone lines.

The system would allow people to be verified online allowing spammers to be traced spammers, or for their mail to be blocked if they refuse to be identified.

Nick Scales, chief executive of Avecho, said net service firms could set up a caller-ID type system very quickly and easily.

"All the infrastructure and databases are already there," he said, "they just need configuring."

New laws on spam come into force
11 Dec 03  |  Technology
US anti-spam law edges closer
09 Dec 03  |  Technology
Spammers turn to classic prose
01 Dec 03  |  Technology
New EU laws tackle spam
31 Oct 03  |  Europe
Spam set to soar this Christmas
11 Nov 03  |  Technology
Spam watchdog 'needs more bite'
06 Oct 03  |  Technology
Spam 'turning people off e-mail'
24 Oct 03  |  Technology
Anti-spam laws 'lack bite'
23 Sep 03  |  Technology
Virus writers turn to spam
30 Jul 03  |  Technology
How to spot and stop spam
26 May 03  |  Technology


The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific