On 26 May 2011, the European Union (EU) e-Privacy Directive became law. The ICO (Information Commissioner's Office) is the department responsible for implementing these regulations within the UK. They provided a year-long grace period, which ends on 26 May 2012, to give website owners time to comply. This law affects all website owners who sell products or services to customers in the EU, whether their website is based in the EU or not.
Otherwise known as the ‘cookie law’, it requires that all website visitors be notified of the type of cookies the website wishes to place on their computer and what those cookies will be used for.
Initially the law required the website owner to provide an ‘opt-in’ to visitors to accept cookies. This meant website visitors must provide their consent to the placing cookies. However, the ICO updated its policy to allow website owners to use "implied consent" to comply. This means users do not have to make an explicit choice. Instead, their continued use of a site would be taken to mean they are happy for information to be gathered.
The regulations are designed to protect user privacy when they are using the web.