Is this the Cookie Crunch? ICO guidelines on changes.

Posted by on 20 May 2011

From May 26 the new European privacy laws will change how cookies are stored and used. These changes will require advertisers and website owners that track information online (usually via cookies) to seek consent from site users in order to do so. This will affect most websites and online marketing campaigns.

The UK Government and the Information Commissioner’s Office (ICO) have issued some guidance and we have set out the main points for you below, as well as including other comments and information about this change in the UK Law. We believe that although this is UK Legislation that has eminated out of Brussels, Channel Island (Jersey, Guernsey etc.) businesses should treat themselves as within the remit of the law in order to keep up with best practice and to avoid any negative publicity.

Key points

  • The ICO guidance PDF is the key document and it is meant to provide practical guidelines in relation to the new cookie legislation.
  • The guidance has been described as "work in progress" due to the fact that the ICO couldn't publish any guidance until the law was published in the UK.
  • In short, the new rules will effectively require opt-in consent to use most kinds of cookies.
  • The new legislation comes into force on 26 May 2011.  
  • Period of grace max 12 months - "We are not going to be going in on day one with a heavy hand. There will be a period of grace, but that will not last longer than 12 months. And if I receive complaints on day one – which I will – we will examine how far efforts have been made to comply,"  Christopher Graham, U.K. Information Commissioner.
  • The most controversial area, third party cookies (ie. required by ad networks), remains problematic and unclear.
  • These are self regulation rules and the ICO doesn't really know how they are going to enforce the new law.
  • The new rules impact advertisers and website owners.
  • The government is working with the major browser manufacturers to  establish which browser level solutions will be available and when.  I.e.  if the user visits your website, you can identify that their browser is set up to allow cookies of types A, B and C but not of type D and as a result you can be confident that in setting A, B and C you have his consent to do so.  You would not set cookie D.  
  • Possible solutions - some example methods of obtaining consent from website users (dependent on how intrusive the cookies are)  e.g. Pop up, accepting T&C when signing up,  Settings-led consent (i.e. consent gained when user confirms how they want the site to work - e.g. remember language selection),  Feature-led consent (i.e. agreeing to the functionality being 'on'), Functional uses (analytics), Third party cookies (e.g. ad networks).

Our suggestion is that website owners should wait and see what big websites that operate in their sector do with their T&Cs and if they introduce some opt-in mechanisms. 

Next steps for website owners

However, if website owners are very keen and pro-active, here's what we'd recommend: 

  • READ: 

ICO Advice note

Wall Street Journal Blog

PC World Blog

  • AUDIT: Check what type of cookies and similar technologies you use and how you use them.
  • COOKIE TYPES:  Assess how intrusive your use of cookies is. 
  • CONSENT: Decide what solution to obtain consent will be best in your circumstances.
  • FINALLY, Stay abreast of official interpretations and enforcement policies, such as those promised by the ICO, that may offer more detailed guidance on cookie notices and consent mechanisms.

Naturally, if you want to come and discuss your individual cicumstances with us, please just give us a call on +44 1534 491096 or you can always post your questions at the end of this blog.


Post your comment

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments

Home » E-scape Blogs » Others » Is this the Cookie Crunch? ICO guidelines on changes.
top of the page