Posted: Wednesday, 25 May 2011 @ 16:13
The main effect of the new rules is that if you are a website owner you will need consent from a user of your site to store a cookie on their computer. The ICO recognises that cookies perform a number of legitimate functions and that obtaining consent will, in many cases, be a challenge.
Nevertheless the ICO also states that the one exception to the need for consent will be interpreted narrowly. That exception is when a cookie is strictly necessary to deliver a service which has been explicitly requested by the user, such as is the case for online shopping baskets. The exception will not apply if you as a website operator decided, for example, that your website would operate better or be more attractive to users if it remembered their preferences or if it used a cookie to collect statistical information about the use of your website.
The good news is that to start with the ICO will only expect a website owner to be able to demonstrate that they are taking steps to comply. The bad news is that it is not known how long that situation will apply. In fact further guidance is to be issued by the ICO as to how they propose to enforce the new rules - the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 to give them their full title – and we do not yet know when that will be available.
So what should you do now?
According to the ICO advice you should:
- check what type of cookies are being used on your website and how it uses them, so you’ll need to talk to your web developers or conduct an audit of your website to establish this information.
- decide on the best way to obtain users’ consent.
So far as obtaining consent is concerned, most browser settings are stated to be inadequate for this at present though the government is working with the major browser providers so that this might be sufficient in future. In the meantime the ICO guidance discusses various options including pop-ups and similar devices or user-led settings as to how the user wants the website to work for them, but notes that any changes to terms and conditions accepted by the user previously will need the user’s agreement.
Basically the new position will be that opt-in to cookies will be required, so you need to take action as advised by the ICO now and watch out for further details when the ICO issues its guidance about enforcement.
Commercial Solicitor, Birmingham
Blog by Sue Mann
Sue is an experienced commercial solicitor based in Birmingham from where she helps businesses all over the country advising on, drafting, and reviewing business contracts and commercial agreements. View profile
This blog is not intended to constitute legal advice, nor is it intended to be a complete and authoritative statement of the law, and what we say might be out of date by the time you read it. You should always seek legal advice to confirm whether or how any information in this article applies to your particular situation. We offer a free telephone consultation
to discuss your particular circumstances.