Update to the ICO ruling and mixed messages…

The ICO announced a peculiar update to their advice last week. The new advice seemed to suggest that simply requesting a website would constitute implied consent – removing altogether the need for explicit consent. As the law itself states that explicit consent is required for all non-essential cookies, this left us in some confusion, so asking the ICO for a bit of clarification led to this:

  1. Implied consent should be good enough if the cookies in question are unobtrusive enough and documented in a privacy policy or similar
  2. Implied consent probably wouldn’t be good enough for more intrusive cookies, like the third party cookies set by behavioural advertisers

Make your minds up!…?

If you’ve already switched away from Google Analytics that’s a pretty annoying u-turn.

But if you planned to ditch GA and haven’t done so yet, it means that for the time being, you can relax.

Of course, following the change to Google’s privacy policy it seems there’s a danger that Google Analytics cookies could be among the most intrusive on the web. When I asked the ICO about this they said there were a number of lines of enquiry open with Google.

What can you change?

Analytics

You can change the way Google Analytics (and any other cookie-based analytics packages) interacts with Cookie Control. In fact, if the advice is to be believed, it doesn’t need to interact with Cookie Control at all anymore.

What shouldn’t you change?

For the time being, your other non-essential cookies should continue to interact with Cookie Control.

Proposed Cookie Control

The compliance models are:

Information only
Update your terms and privacy policy to show what cookies are in use on your website and assume ‘implied consent’.

Opt-out advice
By default all cookies are enabled. It is possible to advise customers what cookies they could opt out of without affecting the website functionality, e.g. the shopping basket. Provide links to 3rd party provider websites to show their privacy policy, and provide instructions on how to disable the cookies.

Opt-in/Opt-out model
More complex, but much like the BBC website, provide a facility which lets users opt out of or opt in to cookies in use on your website.