The new EU legislation, announced in May 2011, requires websites to ask users for their ‘informed consent’, and will divide the type of consent into different categories.
However, on 25th May 2012, the Information Commissioners Office released new advice on the guidance given last year. The last minute update to the cookie law (the day before the law was due to be enforced) proved to be less restricting than what everyone had been working towards. The policy was changed to allow organisations to use ‘implied consent’ to comply; meaning users do not have to make an explicit choice over their information being stored.
Doing a little research for this blog I realised I wasn’t 100% sure what a cookie even was! Apart from the ones you eat obviously. (I made some peanut butter cookies over the weekend and they were pretty good, I must say!) But anyway, back to internet cookies….What are they?
A cookie is a small file, typically of letters and numbers, downloaded on to a device when you access certain websites. Cookies are then sent back to originating website on each subsequent visit, therefore recognising your device.
What’s implied consent? Implied consent is now a valid form of consent according to the ICO. It puts responsibility on the user rather than the website operator, which is better news for businesses struggling to comply with the new directives.
The ICO website has some clarifications around implied consent:
• If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent.
• In some circumstances, for example where you are collecting sensitive personal data such as health information, you might feel that explicit consent is more appropriate.
The public are being encouraged to voice any cookie concerns by using a tool on the ICO website, meaning the ICO will know where to focus their priorities. Non-compliant website owners face a fine of up to £500,000, but this was said to be in cases where a serious breach has occurred.
The change to the cookie law gives businesses more time to comply as it was recognised that most websites would not meet last weekend’s deadline. From the