skip to main content
CookiePro Blog July 23, 2019

Briefing on Cookies: Recent ICO Guidance and What it Means for You

Recent online privacy laws have been “all the rage” in recent years, making it crucial for companies big and small to follow, comply and keep up with. These laws require companies with websites that use cookies to inform visitors that data may be collected as they browse on their website. As laws state, companies must also provide visitors with the option to choose what information they are willing to share.

The UK Information Commissioner’s Office (ICO) released new guidance on the use of cookies and similar technologies, providing updated directions for complying with the following laws:        

  • Privacy and Electronic Communications (EC Directive) Regulations 2003 (‘PECR’)        
  • The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’)

Here are the main takeaways and what it might mean for you:

Implied consent is no longer acceptable

Essentially, this is referring to the type of cookie consent banner that disappears if a user ignores the banner. Your website’s consent banner must clearly state what cookies will be set and the user must take a positive action to consent to non-essential cookies. Consent is not required for cookies that are defined as necessary to providing service to the user. For example, a cookie required to make a video play on your website – users do not have to provide consent for this type of cookie because it is necessary to make the video load properly. See the below changes regarding what’s classified as strictly necessary cookies. 

‘Strictly Necessary’ exemptions have changed (i.e. Cookies used for Google Analytics and advertising purposes)

Companies are required to be clear with users about the purpose for storing information and requesting consent. As mentioned above, cookies relating to the functionality of a website do not require consent, but cookies for analytics, social media and advertising now require consent to track data.

Items that DO meet the ‘strictly necessary’ exemption  

  • Cookies that are used to remember items that a user purchases or adds to a shopping cart        
  • Cookies used that must comply with GDPR’s security principle, such as a connection with an online banking service       
  • Cookies that help increase the page load time

Items that DO NOT meet the ‘strictly necessary’ exemption   

  • Cookies used for website analytics
  • Cookies used for first and third-party advertising
  • Cookies used to recognize a user when returning to a website

Additionally, in late June, the French data protection authority (CNIL) and other data protection authorities announced that it will repeal its 2013 cookie recommendation in July 2019 and will publish updated guidelines based on elements harmonized at the European level.

Recent Posts

[WEBINAR] Prepare for CCPA with CookiePro
[WEBINAR] Prepare for CCPA with CookiePro
Join the CookiePro team for a CCPA preparation webinar on Friday, November 22 at 11:30 pm.
+ View Article
CCPA Compliance Checklist: 8-Week Countdown
CCPA Compliance Checklist: 8-Week Countdown
Learn about #3 off of our CCPA Compliance Checklist which focuses on the consumer right called the Right to Inform.
+ View Article
Mobile-Responsive Consent Management is Key
Mobile-Responsive Consent Management is Key
With the increase of web browsing on mobile devices and tablets, it's important to partner with a consent management tool that provides...
+ View Article
CookiePro Sponsors Seattle WordPress WordCamp
CookiePro Sponsors Seattle WordPress WordCamp
CookiePro is heading to Seattle to participate in the WordPress WordCamp Seattle to connect with WordPress enthusiasts from around the...
+ View Article