The ICO announced a peculiar update to their advice last week. The new advice seemed to suggest that simply requesting a website would constitute implied consent – removing all together the need for explicit consent. As the law itself states that explicit consent is required for all non-essential cookies this left us in some confusion, so asking the ICO for a bit of clarification led to this:
- Implied consent probably wouldn’t be good enough for more intrusive cookies, like the third party cookies set by behavioural advertiser
Make your minds up!…?
If you’ve already switched away from Google Analytics that’s a pretty annoying u-turn.
But if you planned to ditch GA and haven’t done so yet, it means that for the time being, you can relax.
What can you change?
You can change the way Google Analytics (and any other cookie based analytics packages) interacts with Cookie Control. In fact, if the advice is to believed, it doesn’t need to interact with Cookie Control at all anymore.
What shouldn’t you change?
For the time being, your other non-essential cookies should continue to interact with Cookie Control.
Proposed Cookie Control
The compliance models are:
More complex, but much like the BBC website, provide a facility which lets users opt out / opt-in to cookies in use on your website