Cookies Guidance: The UK Information Commissioner (ICO) has published updated guidance on the use of website cookies following a change in the law earlier this year.
The new cookies guidance is supporting key compliance mechanisms, such as: implied consent; enhanced notice and transparency; the contractual approach; and the intrusiveness approach. If the ICO adheres to this approach, then a good balance will be struck between the interests of all the key stakeholders.
In his press release, Information Commissioner, Christopher Graham, said:
'The cookies guidance we’ve issued today builds on the advice we’ve already set out, and now includes specific practical examples of what compliance might look like. We’re half way through the lead-in to formal enforcement of the rules.
But, come 26 May next year, when our 12 month grace period ends, there will not be a wave of knee-jerk formal enforcement actions taken against those who are not yet compliant but are trying to get there.'
The UK government revised The Privacy and Electronic Communications Regulations 2003, which came into force in the UK on 26 May, to address new EU requirements. The Regulations make it clear that UK businesses and organisations running websites in the UK need to get consent from website visitors in order to store cookies on users’ computers.
Key points in the cookies guidance
Key points set out in the amended cookies advice include:
- More detail on what is meant by consent. The advice says ‘consent must involve some form of communication where an individual knowingly indicates their acceptance.’
- The guidance explains that cookies used for online shopping baskets and ones that help keep user data safe are likely to be exempt from complying with the rules.
- However, cookies used for most other purposes including analytical, first and third party advertising, and ones that recognise when a user has returned to a website, will need to comply with the new rules.
- Achieving compliance in relation to third party cookies is one of the most challenging areas. The ICO is working with other European data protection authorities and the industry to assist in addressing the complexities and finding the right answers.
- The ICO will focus its regulatory efforts on the most intrusive cookies or where there is a clear privacy impact on individuals.