The Information Commissioner’s Office – the UK’s data protection and privacy regulator – has issued guidance on cookies, just hours before the new law became live. Cookies are small files left on users’ machines by web sites so that the web sites can recognise them easier. Cookies can be used to make the users’ experiences on the site better or to help the operators of the web sites, such as to send targeted advertising.
From 26 May 2011, in line with European Union requirements, the UK introduced a law requiring any web site operators to obtain consent from users or subscribers if the web site uses cookies. The ICO agreed to offer a period of one year before it would take any action so as to give people the opportunity to comply. The ICO had issued guidance on compliance when the law first came into force, but on 25 May 2012 – just before it was going to be enforced by the Regulator – further updated guidance was issued. In the guidance, the ICO said that “implied” rather than “express” consent would often suffice, although this would not always be the case. The more privacy-intrusive the cookie and its use, the more that would need to be done to show consent.
We would be pleased to help if you need to find your way through the law, and make sure that the cookie crumbles the right way for you.