Cookie concerns - 180 complaints so far - Law Firm

6 Aug 2012

The changes to the cookie laws, which require website operators to obtain consent from users before setting cookies came into force last year. However, the ICO’s grace period, of one year, only expired on 19 May 2012.

The ICO has set up a reporting tool to allow users of websites to report concerns about cookies on websites. The reporting tool was activated on Friday 25 May 2012. Since the reporting tool went live, the ICO has received a flurry of complaints, 64 in just three days and 180 complaints so far.

The ICO stated that the first 64 complaints did not refer to 64 separate websites. The reporting tool can be found on their website.

The ICO has stated that it will not be taking a hard line in enforcement in respect of website operators who are not compliant with the cookies laws. Instead when complaints are made the ICO will look into the steps that the website operator has taken to comply. If the website operator can demonstrate that they have taken steps to try and comply with the changes in the law, the ICO will offer help rather than taking legal action.

Websites in compliance

A number of high-profile websites have taken steps to comply with the change to the law, as follows:

The Financial Times has chosen to use a pop-up notice that appears when a user clicks onto the site. The pop-up includes links to the Financial Times’ cookie policy, which explains what cookies are and how they are used and a link to information on disabling cookies.
BT is using a pop-up box, which automatically disappears, to provide links to further information about cookies, together with a permanent link at the bottom of each page regarding cookies.
The Guardian has chosen a header for its page, with a link to further information on cookies and a statement that by continuing to use the website, the user agrees to the use of cookies.

Implied consent

The ICO has updated its guidance on cookies to include further information on implied consent, leading to angry responses from website operators and website designers. Many website designers have been advising clients to implement measures to obtain explicit consent, such as banners or pop-ups. Such measures take time to develop and cost money to website operators, as well as affecting the design of the website. Website operators and designers are angry over what they view as the last-minute back-tracking of the ICO, which would allow implied consent and mean that such measures were unnecessary.

The ICO has clarified that:

Implied consent is a valid form of consent and it can be used to comply with the new rules surrounding cookies.
However, it is important that if website operators are relying on implied consent, they are satisfied that users understand their actionswill result in cookies being set.
Website operators should not rely on the fact that users might have read a privacy policy that is hard to find or difficult to understand.
In some circumstances, such as if sensitive personal data (e.g. health information) is being collected, explicit consent might be more appropriate.

Steps to take to comply

As the ICO have stressed that there’s no “one size fits all approach”. What should website operators do to comply?

We recommend taking the following steps:

1. Undertake a cookie audit

A comprehensive list of all cookies used on the website should be produced. The cookies should be categorised according to their functionality and purpose in order to identify what the cookies do and the type of information they collect. The International Chamber of Commerce cookie guide may assist. This will allow you to analyse the type of solution that will be suitable.

2. Implement a solution

Consider whether implied consent will be appropriate in the situation or whether express consent will be required. Then implement the solution, this may require changes to be made to your privacy policy and attention being drawn to the changes on your homepage, the introduction of a cookies policy or the use of a banner or pop-up.

3. Keep your cookies under review

The appropriate solution for now, may not always be the appropriate solution. Each time a new cookie is added to your website you will have to consider the information it collects and how you will provide a solution to the problem of consent.

Authors

Follow us online

Register for updates

You can register online or follow us on Twitter or LinkedIn to receive our latest news, events and publications.

Cookie	Type	Duration	Description
__atuvc	third party	1 year	This cookie is set by Addthis to make sure you see the updated count if you share a page and return to it before our share count cache is updated.
__atuvs	third party	30 minutes	This cookie is set by Addthis to make sure you see the updated count if you share a page and return to it before our share count cache is updated.
__stripe_mid	third party	1 year
__stripe_sid	third party	30 minutes
_ga	third party	2 years	This cookie is installed by Google Analytics and collects information on how users interact with the website. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors. It is used to distinguish users.
_gat	third party	1 minute	Google Analytics cookies to track users as they navigate the website and help improve the website's usability.
_gid	third party	24 hours	This cookie is installed by Google Analytics and collects information on how users interact with the website. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors. It is used to distinguish users.
cookielawinfo-checkbox-necessary	session	1 year	Records the default button state of the corresponding category. It works only in coordination with the primary cookie.
cookielawinfo-checkbox-non-necessary	session	1 year	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given their consent to the usage of cookies under the category 'Non-Necessary'.
di2	third party	1 year	This cookie is set by addthis.com on sites that allows sharing on social media. The cookie is used to track user behavior anonymously to generate usage trends to improve relevance to their services and advertising.
loc	third party	1 year	This cookie is set by Addthis. This is a geolocation cookie to understand where the users sharing the information are located.
m	third party	2 years
na_id	third party	1 year	This cookie is set by Addthis.com to enable sharing of links on social media platforms like Facebook and Twitter
NID	third party	6 months	This cookie is used to a profile based on user's interest and display personalized ads to the users.
ouid	third party	1 year	The cookie is set by Addthis which enables the content of the website to be shared across different networking and social sharing websites.
uid	third party	1 year	This cookie is used to measure the number and behavior of the visitors to the website anonymously. The data includes the number of visits, average duration of the visit on the website, pages visited, etc. for the purpose of better understanding user preferences for targeted advertisments.
um	third party	1 year	Set by addthis.com.(Purpose not known)
uvc	third party	1 year	The cookie is set by addthis.com to determine the usage of Addthis.com service.
vc	third party	1 year	This cookie is set by addthis.com on sites that allow sharing on social media.
viewed_cookie_policy	session	1 year	Is the primary cookie that records the user consent for the usage of the cookies upon accept and reject. It doesn't track any personal data and is set only upon user action (accept/reject).

Cookie concerns – 180 complaints so far

Authors

Nigel Miller

Follow us online

Register for updates

Cookie concerns – 180 complaints so far

Authors

Nigel Miller

Follow us online

Register for updates

Popular insights

UK Data Protection Reform – new Data Protection and Digital Information Bill

Immigration Briefing: recent changes and what to expect in 2023

Direct(or) responsibility: 10 ways a director could be held personally liable in 2022