Recent ICO Guidance on Cookies
The UK Information Commissioner’s Office (ICO) recently released new guidance on the use of cookies and similar technologies. Learn how it could affect your website.
Recent online privacy laws have been “all the rage” in recent years, making it crucial for companies big and small to follow, comply and keep up with. These laws require companies with websites that use cookies to inform visitors that data may be collected as they browse on their website. As laws state, companies must also provide visitors with the option to choose what information they are willing to share. The UK Information Commissioner’s Office (ICO) released new guidance on the use of cookies and similar technologies, providing updated directions for complying with the following laws:
- Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR)
- The General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR)
Here are the main takeaways and what it might mean for you:
Implied consent is no longer acceptable
Essentially, this is referring to the type of cookie consent banner that disappears if a user ignores the banner. Your website’s consent banner must clearly state what cookies will be set and the user must take positive action to consent to non-essential cookies. Consent is not required for cookies that are defined as necessary for providing service to the user. For example, a cookie required to make a video play on your website – users do not have to provide consent for this type of cookie because it is necessary to make the video load properly. See the below changes regarding what’s classified as strictly necessary cookies.
‘Strictly Necessary’ exemptions have changed (i.e. Cookies used for Google Analytics and advertising purposes)
Companies are required to be clear with users about the purpose of storing information and requesting consent. As mentioned above, cookies relating to the functionality of a website do not require consent, but cookies for analytics, social media and advertising now require consent to track data.
Items that DO meet the ‘strictly necessary’ exemption
- Cookies that are used to remember items that a user purchases or adds to a shopping cart
- Cookies used that must comply with GDPR’s security principle, such as a connection with an online banking service
- Cookies that help increase the page load time
Items that DO NOT meet the ‘strictly necessary’ exemption
- Cookies used for website analytics
- Cookies used for first and third-party advertising
- Cookies used to recognize a user when returning to a website
Additionally, in late June, the French data protection authority (CNIL) and other data protection authorities announced that it will repeal its 2013 cookie recommendation in July 2019 and will publish updated guidelines based on elements harmonized at the European level.
Watch The Webinar
On Wednesday, July 10th, we hosted a webinar, Cookie Briefing: Recent Guidance and What it Means to You. Click on the button below to watch now.
Related Resources
You Might Also Like
