This week is Cookie week and ICO have already been busy getting their marketing machine drumming up awareness with several articles written by the BBC with numerous sound bites about what people should have done, should be doing, will need to do in the future.

XX has conceeded this is not an easy area to work in. Major sites use a vast majority of cookies for various needs and that evening auditing these is a massive challenge commercially.

The most significant nugget that I read today was that there is now an accepted level of implied constent from the user. We call me a total pleb who has never been on the internet but haven’t we been doing that since the very start? By looking on the website you accept the terms of usage and in most cases ignore the link in the footer which tells you what that actually entails.

My stand point is this.

1. This is only relevant in the EU and websites are global
2. We’ve always had privacy policies which said cookies were used

So how can you be compliant with this complete farce of a law? Simple just write a bloody good privacy policy. This law is bullshit and it has been from day one. It doesn’t come down to impact on the user experience which is what many industry loud mouths have been spouting off over. It comes down to it being sodding expensive to go through every site that provides service to people in Europe and audit them for a technological device that nobody even knew about let alone gave a shit about until somebody started threatening financial fines.

I will be encouraging all of my associates to update their privacy policies with encouraging and information plain English content instead of legalease and telling them to do absolutely nothing else.

UPDATE:

This is taken from the ICO blog (http://www.ico.gov.uk/news/blog/2012/updated-ico-advice-guidance-e-privacy-directive-eu-cookie-law.aspx)

First issued in May 2011, the guidance has been updated to clarify the following points around implied consent:

• Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.
• If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent.
• You should not rely on the fact that users might have read a privacy policy that is perhaps hard to find or difficult to understand.
• In some circumstances, for example where you are collecting sensitive personal data such as health information, you might feel that explicit consent is more appropriate.