• New Opt-in Privacy Rule for Cookies
  • December 15, 2011
  • Law Firm: SNR Denton - Chicago Office
  • Introduction

    The Information Commissioner’s Office (ICO) has just published its “half term report” on enforcing the new cookies law. The law, which came into force in May 2011, requires you to obtain opt-in user consent in order to deploy website cookies. A cookie is a small file placed by websites on the PC of the user to help it “recognise” the user and to make the website work. Cookies are used by most commercial websites.

    The opt-in rule is very challenging for business. The ICO has just provided updated guidance for UK website owners. A clear message was sent: website owners “could do better” and “must try harder” on compliance.

    The Updated Guidance

    The updated guidance builds on the existing advice available and includes specific examples of how to comply. Interesting points to note include the following:

    • The ICO has indicated that in the future, websites may be able to rely on the user’s browser settings to satisfy the requirement of consent when setting cookies. At present, however, the ICO says that most browser settings are not sophisticated enough for websites to assume consent. The government is working with major browser manufacturers to establish which browser level solutions will be available and when.
    • Further detail was given on the meaning of consent. The advice says “consent must involve some form of communication where an individual knowingly indicates their acceptance”.
    • The ICO is working with the industry and other European data protection authorities to assist with the challenging issue of achieving compliance in relation to third party cookies.
    • The ICO will focus its regulatory efforts on the most intrusive cookies or where there is a clear privacy impact on individuals.

    The half term report and updated guidance for UK website owners is available using the following link: