The Information Commissioner's Office (ICO) issued revised guidance - on 25 May 2012 - on how companies should be implementing the UK cookie law, clarifying in particular 'implied consent'.
© 2013 Cecile Park Publishing Ltd. All rights reserved
The UK cookie consent law - which implements the EU Privacy and Communications Directive - came into effect last year in May, but enforcement was stalled by the ICO to allow businesses time to find adequate solutions. The law requires users' consent before cookies can be installed on their computers. The latest guidance was issued a day before 26 May 2012, when the moratorium on enforcement was lifted.
''The previous ICO guidance was more ambiguous on the role of implied consent'', Sally Annereau, Data Protection Analyst at Taylor Wessing, told DataGuidance. ''This ambiguity may have offered the ICO more room for manoeuvre in enforcing the law but left many businesses unsure of how to meet the Directive. Companies were busy undertaking audits and planning how to comply, but many had then held back to see what happened next before making significant changes to their sites. The revision to the cookie guidance offers business more clarity and flexibility of approach, however they still need to consider the nature of the cookies and their audience when deciding what the appropriate mechanism will be and be prepared to justify their actions.''
The Internet Advertising Bureau (IAB) stated that the 'revised guidance backs up what the ICO has always inferred: an ''ecology of solutions'' approach where consumers are informed of the use of their data and given the tools to control that data is sufficient for compliance.' According to the IAB, the guidance recognises the efforts made by the industry to provide consumers with information and control where information is collected and used by third parties.
The ICO recently announced that it will send out letters to 50 organisations in the coming days to find out how they have complied with the cookie law.