This week is Cookie week and ICO have already been busy getting their marketing machine drumming up awareness with several articles written by the BBC with numerous sound bites about what people should have done, should be doing, will need to do in the future.
XX has conceeded this is not an easy area to work in. Major sites use a vast majority of cookies for various needs and that evening auditing these is a massive challenge commercially.
The most significant nugget that I read today was that there is now an accepted level of implied constent from the user. We call me a total pleb who has never been on the internet but haven’t we been doing that since the very start? By looking on the website you accept the terms of usage and in most cases ignore the link in the footer which tells you what that actually entails.
My stand point is this.
- This is only relevant in the EU and websites are global
- We’ve always had privacy policies which said cookies were used
I will be encouraging all of my associates to update their privacy policies with encouraging and information plain English content instead of legalease and telling them to do absolutely nothing else.
This is taken from the ICO blog (http://www.ico.gov.uk/news/blog/2012/updated-ico-advice-guidance-e-privacy-directive-eu-cookie-law.aspx)
First issued in May 2011, the guidance has been updated to clarify the following points around implied consent:
- Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.
- If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent.
- In some circumstances, for example where you are collecting sensitive personal data such as health information, you might feel that explicit consent is more appropriate.