The Information Commissioner's Office (ICO) issued revised guidance - on 25 May 2012 - on how companies should be implementing the UK cookie law, clarifying in particular 'implied consent'.

Dave Evans, the Group Manager, Business and Industry at the ICO, wrote on 25 May 2012, in a blog-post: 'Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies. If you are relying on implied consent, you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding, you do not have their informed consent. You should not rely on the fact that users might have read a privacy policy that is perhaps hard to find or difficult to understand.'

The UK cookie consent law - which implements the EU Privacy and Communications Directive - came into effect last year in May, but enforcement was stalled by the ICO to allow businesses time to find adequate solutions. The law requires users' consent before cookies can be installed on their computers. The latest guidance was issued a day before 26 May 2012, when the moratorium on enforcement was lifted.

''The previous ICO guidance was more ambiguous on the role of implied consent'', Sally Annereau, Data Protection Analyst at Taylor Wessing, told DataGuidance. ''This ambiguity may have offered the ICO more room for manoeuvre in enforcing the law but left many businesses unsure of how to meet the Directive. Companies were busy undertaking audits and planning how to comply, but many had then held back to see what happened next before making significant changes to their sites. The revision to the cookie guidance offers business more clarity and flexibility of approach, however they still need to consider the nature of the cookies and their audience when deciding what the appropriate mechanism will be and be prepared to justify their actions.''

The Internet Advertising Bureau (IAB) stated that the 'revised guidance backs up what the ICO has always inferred: an ''ecology of solutions'' approach where consumers are informed of the use of their data and given the tools to control that data is sufficient for compliance.' According to the IAB, the guidance recognises the efforts made by the industry to provide consumers with information and control where information is collected and used by third parties.

The ICO recently announced that it will send out letters to 50 organisations in the coming days to find out how they have complied with the cookie law.

EU: BCR Webinar: Top 5 takeaways

EU: Soundbites from the EU Parliament seminar on the data reform

EU: WP29 clarifies DPAs' expectations of BSPRs

EU: 'Three possible dates' put forward for the LIBE vote on data proposals

USA: Data brokers urged to review privacy practices after FTC warnings

USA: NLRB: blanket confidentiality rule during employee investigations 'invalid'

China: MIIT draft rules expand telecoms & IISP obligations

Singapore: Personal Data Protection Commission to launch May 2013

Australia, OAIC: Data security 'critical' to meet upcoming requirements

USA: Commerce Committee criticises industry failure to adopt DNT

USA: SEC and CFTC issue Red Flag Rules for financial institutions and creditors