In May 2011, the Information Commissioner’s Office (ICO) gave UK organisations 1 year to comply with the new cookies law, which requires them to get permission before using cookies on websites.
1 year later, that law is now fully in effect. In this article we look at the latest updates from the ICO, and see what solutions other websites have used.
Updated guidance on “implied consent”
Last Friday, the day before their deadline, The ICO issued an updated guidance (PDF), changing and expanding the section about “implied consent”. This change seems to have added further confusion to an already confusing law!
For example, an article on The Guardian website claims that the regulations have been “watered down”, and that it “shifts responsibility to the user rather than the website operator”. Others seem to be repeating this as if it negates the law entirely.
However, the updated guidelines state “for implied consent to work there has to be some action taken by the consenting individual from which their consent can be inferred” and that “it would be extremely difficult to demonstrate compliance simply by showing that a user visited a particular site”.
In other words, implied consent doesn’t mean you can set cookies without informing the user. It does, however, mean that solutions like ours, where we put information about cookies promintently in the header, but assume consent unless the user decides to opt out, are much more acceptable than they appeared under the original guidelines.
Various websites unveil their cookies law solutions
A number of high-profile websites unveiled their solutions to the cookies law this weekend, including the BBC (a large banner at the top of the page), Channel 4 (also a large banner), The Guardian (a somewhat smaller banner), and The Telegraph (a small link in the header). All of these sites rely on implied consent.
You can see more details about all four on Econsultancy.com.
Fines are unlikely, but the ICO will still enforce the law
It seems the ICO are unlikely to issue fines, except perhaps for very serious breaches, but they still expect organisations to comply with the law and will issue enforcement notices where necessary.
Our advice is unchanged:
- If you don’t know what cookies are in use on your website, conduct a cookies audit to find out.
- Make sure you have an up-to-date cookies policy that includes background information about cookies, the specific cookies your website uses, and how to opt out.
- Assess whether you can give users an easy way to opt out of cookies, or (ideally) remove the cookies altogether until users choose to opt in.
If you want help complying with the cookie law, call us on 01865 794009 or email email@example.com.