With two weeks to go until implementation of an EU-wide amendment to the law on cookies and consent, the UK's data protection regulator, the Information Commissioner's Office (ICO), has issued initial guidance on compliance. It proposes three actions that organisations can take to mitigate their potential exposure to enforcement action in the short-term. In the meantime, industry and the authorities are working on finding solutions to the most complex and challenging issues presented by the new law.
The guidance confirms that the new rules provide that cookies require consent from a user unless they are "strictly necessary" for a service requested by the user. This exception will be narrowly interpreted by the ICO and is likely to be limited to, for example, cookies that enable you to shop online easily and quickly (using the 'add to basket' and 'proceed to checkout' functions). Other cookies, including all third-party cookies and flash cookies, will be subject to the new consent rule.
As the regulatory authority charged with enforcing these new rules, the ICO has been placed in a very difficult position. While it and the government department responsible for policy and legislation in this area, the Department for Culture Media and Sport (DCMS), are trying to find a practical technical solution, working with browser manufacturers and others, the ICO is going to come under immediate pressure to enforce the new regulations. The ICO intends to issue separate guidance on how it will enforce the rules.
Please see full Alert below for further information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.