Sites must now ask permission to hold details or risk £500,000 fine.

Companies that sell online are being advised to update insurance policies in the wake of new privacy regulations that came into force this month governing business websites.

As of May 1 web visitors now have to give consent for websites to download cookies — temporary internet files that gather information about the user’s online activity.


Experts claim the ruling will have a major impact on any website that obtains user information, such as counting web visitors or recording what customers put in their online shopping basket. This includes lingerie or swimwear providers that sell to customers online.

Previously most businesses had a tick box system in their privacy policy allowing web visitors to opt out of having cookies downloaded onto their computers.

However website operators now have to provide much more information to allow visitors to make their own decisions or risk a fine of up to £500,000.

Peter Castle, executive director at insurance specialist Bluefin, said: “Any business which runs a website will use cookies in some form, so this change will have a widespread affect. Until now the responsibility for allowing the sharing of personal data lay with the web visitor, however the onus is now on the website proprietor to ensure its customers understand that this information will be downloaded by the website.”

Castle added that new insurance solutions were emerging to account for the heightened business risk of data security breaches and the potential liability for fines and compensation, and the fear of reputational damage.

He said that although most businesses are clear about the role of cookies when purchasing goods online, some do not realise quite how widespread the use of cookies is.

Every time a user logs onto a website, a cookie will be used to remember the login and password so the visitor does not have to key in these details each time. Under the new rules, websites will need to gain the user’s consent to download this information.

Castle said: “Businesses need to carefully consider how they will implement the new regulations as there is a risk that obtaining these consents will become cumbersome to the web visitor and they may leave the site completely. Businesses need to weigh up the value of gaining certain information from a user against adversely affecting the visitor’s experience.”