New cookies law – update from the ICO on timetable for compliance and example consent mechanism

I promised an update and here it is.

Following my blog last Friday, the UK Information Commissioner has this morning announced that website operators will have a period of one year to comply with the new rules on cookies.

As flagged in the Commissioner’s previous guidance note, that does not mean that website operators can wait 364 days before making the changes though. The new laws come into force tomorrow (26 May), but provided a website operator can show that it is taking steps towards compliance, the Commissioner is unlikely to take enforcement action during the one year transition period.

Example of how to obtain consent under the new rules
The ICO website also gives an example of how organisations can modify their websites to ensure that consent is obtained in accordance with the requirements of the new rules. In the ICO’s case, a pop-up box appears at the top of the webpage, giving details of cookies used, a link to more information, and tick box consent.

The site looks like this:

The ICO’s privacy policy also gives an example of the level of detail that the ICO presumably expects website operators to provide to users in relation to the cookies used on a site. Amusingly, once of the ICO’s cookies is a cookie that records a user’s acceptance of the use of cookies!

Should I follow the ICO’s approach?
Whilst the ICO is not mandating that organisations follow its approach (accepting that cookies are used in different ways on different sites, and that its approach may not be the best one*), it does provide some helpful guidance. The information in the pop-up window used by the ICO is not as detailed as I had expected. It is also clear from the ICO’s approach that it is still acceptable to have an “all or nothing” approach to cookies, rather than having to give the user the detailed options on accepting some but not other cookies on a website. You can find an explanation of the ICO’s approach on its website.

*Rather unhelpfully, the ICO already accepts that its approach may not be perfect, and is effectively reserving its right to change its approach – in a Tweet a few moments ago, it said “Our response to cookie rules is our solution for now – we think it’s a good start but not perfect. Other ideas welcome!” If the regulator openly admits that it cannot decide on how best to comply with a law, then its not surprising that it is giving organisations a year to comply.

1 Response to “New cookies law – update from the ICO on timetable for compliance and example consent mechanism”



  1. 1 ICO publishes updated guidance on cookies compliance « Brodies TechBlog Trackback on December 13, 2011 at 7:52 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




Twitter: @BrodiesTechBlog feed

May 2011
M T W T F S S
« Apr   Jun »
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

%d bloggers like this: