Following on from my recent post about the EU Cookie Directive (and an email my agency sent to clients in the run up to May 26th) I thought I would update readers on changes in the Information Commisssioner’s Office (ICO) approach to enforcement.
However, the ICO stated in its revised guidelines of the 24th that implied consent was now acceptable. This has come as a great relief to many site owners, as the task of implementing explicit permission solutions posed a significant challenge, and for some sites would be prohibitively expensive. Although, by leaving the announcement until two days before the legislation was due to come into force, it meant that many companies had already gone to the trouble and expense of deploying solutions.
The new guidance doesn’t let website owners entirely off the hook, however. The legislation’s requirement for more detailed descriptions of which cookies are in use on a site, and what role they serve still applies. Also, if your site uses intrusive tracking cookies for the purposes of advertising or recommendations, explicit consent may still be required.
So, in the light of this shift of position, my agency’s advice to clients is to do the following:
- Conduct a full site-wide audit of all cookies in use on your site(s)
- Feature a link to the new policy page prominently in the footer or header of your site.
- If your site features a lot of third-party advertising determine if an explicit consent solution is required, then work with your in-house or external web team to develop and implement an appropriate solution
- Develop a plan for monitoring and managing your site’s cookies going forward
Derek Gavey (Flickr)