How to Ensure Compliance With The "Cookie" Regulations

Scotland

The changes to the existing Privacy and Electronic Communications Regulations (the Regulations) are set to have a significant impact on the way in which cookies (small text files that remember what a user has visited on the internet) are used by website operators.

The Information Commissioner's Office (ICO) recommends taking the following steps to ensure compliance:

1. Review what types of cookies your website stores and how the information is used

According to the guidance, this could involve carrying out an audit of your website or reviewing what data files are placed on user devices and why. Web providers should also review which cookies are strictly necessary to the provision of their services and therefore excluded from the requirements for consent.

2. Assess how intrusive your use of cookies is and adopt a solution for obtaining users' consent based on the level of intrusiveness

The ICO has suggested that the level of consent and information required will vary according to how much the relevant activity intrudes on individual users' privacy, commenting that “the more privacy intrusive your activity, the more priority you will need to give to getting meaningful consent.”

As such, more straightforward consent methods may be sufficient in circumstances where cookies are used to store information which has a minimal impact on user privacy. At the other end of the intrusiveness spectrum, where cookies are used to create detailed profiles tracking an individual's browsing activity, web providers will have to provide more information and offer more detailed choices to their users.

3. Take action to implement these solutions NOW

The steps to compliance suggested by the ICO are not a prescriptive list. There is no "one-size-fits-all" solution and organisations will be left to decide what works best for them.

The key point to note is that businesses will need to take action to ensure they are on the right side of the law as soon as possible.

The ICO is yet to publish guidance on how it intends to enforce the Regulations but has indicated that it intends to phase in enforcement in stages. Although businesses will not be expected to achieve perfect compliance immediately, they will, at the very least, be expected to be seen to be making an effort to plan how they will comply.
