Cookies 2019 Year in Review: ICO

In our weekly Cookies 2019 Year-in-Review blog series, we’re covering headlines that were made from regulations in 2019 about privacy regulations and the use of cookies and tracking technologies. This week, we’re focusing on updated guidance from the ICO.

The UK Information Commissioner’s Office (ICO)

Earlier this year on July 3, the UK Information Commissioner’s Office (ICO) issued its updated Guidance on the Use of Cookies and Similar Technologies (the Guidance).

The updated Guidance addresses the requirements for valid consent to cookies, the relationship between the Privacy and Electronic Communications (EC Directive) Regulations 2003 (‘PECR’) and the GDPR, as well as how to comply with cookie rules.

Key Takeaways

1. Consent for non-essential cookies, as required by Section 6(2) of the PECR, implies a clear and affirmative action taken by the user, since a failure to engage with the consent box should not be considered consent to cookies.
2. A user continuing to use the website without engaging with the consent box should not be considered a valid way of expressing consent.
3. The service provider may not need to ask for new consent each time a user visits the website. However, different factors need to be taken into account, such as the frequency of visits, as well as updates of content or functionality. As a result, in some cases the user may need to ‘reconsent’ to cookie settings, such as in the case that the service provider is setting non-essential cookies from a new third party.
4. Analytics cookies are not considered strictly necessary because they are not part of the functionality of the website.
5. Cookie walls should not be considered a valid way of obtaining consent. Individuals shall be provided with a genuine free choice, and consent should not be bundled up as a condition of the service, unless it is necessary for that service.
6. Information in the cookie policy should cover the kinds of cookies intended to be used, the purposed for which they will be placed and duration of the cookie. The cookie policy should be also be provided when a visitor comes to a website.
7. Where the website sets third-party cookies, both the service provider and the third party have a responsibility for providing users with clear information about cookies in order to obtain consent.

CookiePro Website Scanning & Cookie Compliance Product

Using CookiePro, website owners are able to scan websites for third-party trackers and collect cookie consent with branded cookie banners. The following product features are available on-demand.

• Scan your website against the largest database of pre-categorized cookies – Cookiepedia by OneTrust, and get a report of the cookies and online tracking technologies on your website.
• Tailor your cookie banner and preference center and give users advanced control over their cookie settings.
• Customize and tailor your consent approach and generate a detailed Cookie List based on your latest website scan.
• Build an audit trail of detailed records of cookie consent and export visual reports for compliance purposes.