The ICO traps the cookie monster

Posted on the 23rd May 2011

Well – the powers that be (the Information Commissioners Office) have decided that it’s high time that they cracked down on the use of cookies.

New ICO guidance has issued an RU cookie law. The ICO guidance says websites cannot rely on browser settings to decide whether a user consents to having his or her online activity tracked, and that, in most cases, sites should seek explicit consent from the visitor.

“In [the] future, many websites may be able to rely on the user’s browser settings to demonstrate they had the user’s agreement to set all sorts of cookies,” the ICO announcement states. “We are aware that the government is working with the major browser manufacturers to establish which browser-level solutions will be available and when. For now, though, you will need to consider other methods of getting user consent.”

The law which applies to how you use cookies and similar technologies for storing information on a user’s equipment such as their computer or mobile device is changing on 26 May 2011. This document sets out these changes and explains what steps you need to take now to ensure you comply.

It is aimed at those organisations which are starting to think about how they will comply with the new rules. It is a starting point for getting compliant rather than a definitive guide.

These changes apply to storage or gaining access to information stored, in the device of a subscriber or user. This means the use of cookies and similar technologies for storing information.

A cookie is a small file of letters and numbers downloaded on to a device when the user accesses certain websites. Cookies allow a website to recognize a user’s device.

The Regulations also apply to similar technologies for storing information. This could include, for example, Locally Stored Objects (commonly referred to as “Flash Cookies”).

The ICO recognises that cookies perform a number of legitimate functions. They also recognise that gaining consent will, in many cases, be a challenge. However, it is important to remember that that these rules give you the opportunity to check how well you explain how your web pages work to the people who visit them. Complying with the new rules will allow you to be confident that your users have a better and clearer understanding of what you do and how you do it.

I don’t want to be negative but…regardless of what the ICO claim this is going to be a huge hassle – not for obvious cookie use such as shopping carts, but for information gathering etc. It is going to add another layer of work and processing to any online business and, if the ICO’s track record is anything to go by – it will be totally unenforceable, so what is the point? Nonetheless, it’s worth some attention.