With the 26 May deadline for compliance now behind us, the latest guidance from the UK Information Commissioner’s Office (ICO) has raised a few eyebrows. The requirement for explicit consent before a site can store cookies on another user’s device has been relaxed with the assumption of “implied consent” now being accepted as a valid means to comply with the law.
What does this mean? At the simplest level, a user who makes a conscious choice to visit your site could be deemed to have given their implied consent to receive cookies, removing the need for you to collect their explicit consent. For this implied consent to be sufficient a site owner still needs to ensure that their privacy policy is easily discoverable and clearly lays out the ways that cookies are used on your site. However, the ICO also warns:
Implied consent is certainly a valid form of consent but those who seek to rely on it should not see it as an easy way out or use the term as a euphemism for “doing nothing”.
That said, the likelihood of the ICO imposing financial penalties on any organisation for failing to comply with this law is, by the ICO’s own admission, close to zero. Some may read this as an invitation to do nothing, and therein lies the most absurd aspect of this unenforceable new law.
If you haven’t already, watch Dave Evans’ video below to familiarise yourself with the steps you may still need to take to stay on the right side of the law. As long as you understand how cookies are used on your site, don’t use cookies in a bad way, have a clear privacy policy, and take some basic steps to ensure that visitors know that cookies are in use and why, you should be safe.
Mind you, I’m not a lawyer so seek legal advice if in doubt. Good luck!
[youtube=http://www.youtube.com/watch?v=V0M8MYiGkQw]
Further reading: