Internet cookie law catches out MPs including justice secretary

Justice Secretary Chris Grayling is among 13 senior MPs whose websites have not been obtaining consent while gathering users' data in tracking files called cookies, the BBC has learned.

Mr Grayling's spokesman said a cookie pop-up window had been "accidentally disabled for a brief period".

But the UK's data watchdog said it would remind all 13 MPs about their compliance with EU privacy laws.

Campaigners say the law, which came into force a year ago, is "unworkable".

The Information Commissioner's Office (ICO), which is tasked with enforcing the e-privacy directive containing the provisions on cookies, refused to confirm or deny that the websites were breaking the law.

Cookies are small text files saved by websites on users' computers to store browsing information.

Many websites owners have interpreted the law to mean that they must install pop-ups or banners giving details of how they use cookies, and make it easy for users to opt out.

But no such feature appeared when the BBC visited the constituency websites of cabinet members Nick Clegg, Chris Grayling, Danny Alexander, Ed Davey and Theresa Villiers, and cabinet attendee Andrew Lansley.

Senior Labour MPs Harriet Harman, Ed Balls, Sadiq Khan, Mary Creagh, Vernon Coaker, Jon Cruddas and Karen Buck had also not adopted this approach on their constituency websites.

ICO spokesman Robert Parker said it was "difficult" to determine whether each website was complying with the directive or not, and the watchdog would only make sufficient resources available "if we felt that it was causing large numbers of people significant damage and distress".

But he said the ICO would write to the MPs concerned to remind them of their obligations under the law.

A spokesman for Deputy Prime Minister Nick Clegg said it was a "technical oversight" that one of the MP's two websites did not seek users' consent to save cookies to their machines.

"After it was drawn to our attention, we have quickly taken steps to make sure the constituency website is compliant with the directive," he said.

It has emerged that the ICO sent a similar warning letter, external to Mr Clegg in 2012. "We have not conducted a thorough audit of your site," it said. "This letter does not confirm your site is compliant, or suggest it is not, but is intended to keep you informed."

Mr Grayling's spokesman said: "While some work was being done on the backend of the website the cookie policy plugin Cookie Control, which is a recommended plugin to use for WordPress websites, was accidentally disabled for a brief period of time. This was subsequently corrected."

Ed Davey and Karen Buck said they had taken new steps to ensure their website was compliant with the law. A spokesman for Ms Harman, who is a prominent QC, said that her site had been compliant even without the cookie pop-up, which has since been re-introduced after a "technical issue recently caused [it] not to display". A spokesman for Mary Creagh said her website was being upgraded and would soon contain a cookie widget.

Some types of cookie are exempt from the law.

But all 13 MPs appear to be using Google Analytics on their websites, a widely used service which enables the owners of websites to gather anonymised data about how people browse their websites, for example whether they have visited the site before and how long they spend on each page of the site.

The ICO has said such cookies are not exempt, even though they are "not likely to create a privacy risk" if website owners "provide clear information about the cookies to users and privacy safeguards, e.g. a user-friendly mechanism to opt out from any data collection".

It has also said, external it is "highly unlikely" to take any formal action against any website using analytics cookies in breach of the law.

Technology firm Silktide's Oliver Emberton, who has previously challenged the information commissioner to take action against his own non-compliant website, said: "97% of websites use cookies - you may as well add a disclaimer that your website is using electricity."

He added: "The ICO has the impossible job of policing an unworkable law.

"The most frustrating thing for website owners has been trying to second guess what the law means, as it changes constantly. A lot of time and money has been wasted accomplishing very little.

"The idea of this law is a noble one, it's just a shame it was drafted by a team of technically illiterate octogenarians who couldn't find a button on a mouse."