The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 came into force on 26 May 2011 and amend the Privacy and Electronic Communications (EC Directive) Regulations 2003, which cover direct marketing by electronic means and the use of cookies.  

The amendments give the Information Commissioner new powers to  serve a monetary penalty on an organisation when very serious breaches of the 2003 Regulations occur and to investigate breaches of the 2003 Regulations by obtaining information from certain third party organisations.

They also introduce an additional requirement where a website uses ‘cookies’, which are small files of letters and numbers downloaded on to a device when the user accesses certain websites, which allow the website to recognise the device. Except where a ‘cookie’ is strictly necessary, websites will now have to obtain the consent of the user or subscriber before ‘cookies’ can be placed on machines.  The Information Commissioner has published guidance on the change to the rules. Organisations have 12 months from 26 May 2011 to make sure they comply with the new rules.  

The Information Commissioner has issued this statement about how he intends to approach enforcing the new rules and using the new powers.