The changes to the cookie laws, which require website operators to obtain consent from users before setting cookies came into force last year. However, the ICO’s grace period, of one year, only expired on 19 May 2012.
The ICO has set up a reporting tool to allow users of websites to report concerns about cookies on websites. The reporting tool was activated on Friday 25 May 2012. Since the reporting tool went live, the ICO has received a flurry of complaints, 64 in just three days and 180 complaints so far.
The ICO stated that the first 64 complaints did not refer to 64 separate websites. The reporting tool can be found on their website.
The ICO has stated that it will not be taking a hard line in enforcement in respect of website operators who are not compliant with the cookies laws. Instead when complaints are made the ICO will look into the steps that the website operator has taken to comply. If the website operator can demonstrate that they have taken steps to try and comply with the changes in the law, the ICO will offer help rather than taking legal action.
Websites in compliance
A number of high-profile websites have taken steps to comply with the change to the law, as follows:
Implied consent
The ICO has updated its guidance on cookies to include further information on implied consent, leading to angry responses from website operators and website designers. Many website designers have been advising clients to implement measures to obtain explicit consent, such as banners or pop-ups. Such measures take time to develop and cost money to website operators, as well as affecting the design of the website. Website operators and designers are angry over what they view as the last-minute back-tracking of the ICO, which would allow implied consent and mean that such measures were unnecessary.
The ICO has clarified that:
Steps to take to comply
As the ICO have stressed that there’s no “one size fits all approach”. What should website operators do to comply?
We recommend taking the following steps:
1. Undertake a cookie audit
A comprehensive list of all cookies used on the website should be produced. The cookies should be categorised according to their functionality and purpose in order to identify what the cookies do and the type of information they collect. The International Chamber of Commerce cookie guide may assist. This will allow you to analyse the type of solution that will be suitable.
2. Implement a solution
Consider whether implied consent will be appropriate in the situation or whether express consent will be required. Then implement the solution, this may require changes to be made to your privacy policy and attention being drawn to the changes on your homepage, the introduction of a cookies policy or the use of a banner or pop-up.
3. Keep your cookies under review
The appropriate solution for now, may not always be the appropriate solution. Each time a new cookie is added to your website you will have to consider the information it collects and how you will provide a solution to the problem of consent.
You can register online or follow us on Twitter or LinkedIn to receive our latest news, events and publications.