With the 26 May deadline for compliance now behind us, the latest guidance from the UK Information Commissioner’s Office (ICO) has raised a few eyebrows. The requirement for explicit consent before a site can store cookies on another user’s device has been relaxed with the assumption of “implied consent” now being accepted as a valid means to comply with the law.
Implied consent is certainly a valid form of consent but those who seek to rely on it should not see it as an easy way out or use the term as a euphemism for “doing nothing”.
That said, the likelihood of the ICO imposing financial penalties on any organisation for failing to comply with this law is, by the ICO’s own admission, close to zero. Some may read this as an invitation to do nothing, and therein lies the most absurd aspect of this unenforceable new law.
Mind you, I’m not a lawyer so seek legal advice if in doubt. Good luck!