Recent ICO Guidance on Cookies
- Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR)
- The General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR)
Here are the main takeaways and what it might mean for you:
Implied consent is no longer acceptable
Essentially, this is referring to the type of cookie consent banner that disappears if a user ignores the banner. Your website’s consent banner must clearly state what cookies will be set and the user must take positive action to consent to non-essential cookies. Consent is not required for cookies that are defined as necessary for providing service to the user. For example, a cookie required to make a video play on your website – users do not have to provide consent for this type of cookie because it is necessary to make the video load properly. See the below changes regarding what’s classified as strictly necessary cookies.
‘Strictly Necessary’ exemptions have changed (i.e. Cookies used for Google Analytics and advertising purposes)
Companies are required to be clear with users about the purpose of storing information and requesting consent. As mentioned above, cookies relating to the functionality of a website do not require consent, but cookies for analytics, social media and advertising now require consent to track data.
Items that DO meet the ‘strictly necessary’ exemption
- Cookies that are used to remember items that a user purchases or adds to a shopping cart
- Cookies used that must comply with GDPR’s security principle, such as a connection with an online banking service
- Cookies that help increase the page load time
Items that DO NOT meet the ‘strictly necessary’ exemption
- Cookies used for website analytics
- Cookies used for first and third-party advertising
- Cookies used to recognize a user when returning to a website
Additionally, in late June, the French data protection authority (CNIL) and other data protection authorities announced that it will repeal its 2013 cookie recommendation in July 2019 and will publish updated guidelines based on elements harmonized at the European level.
Watch The Webinar
On Wednesday, July 10th, we hosted a webinar, Cookie Briefing: Recent Guidance and What it Means to You. Click on the button below to watch now.