The Information Commissioner’s Office has announced that it will be following its own advice on Cookie Law compliance from the end of January 2013, by allowing implied consent. 

When the new law on cookies was first introduced in 2011, websites were (in theory) going to have to refrain from setting cookies on visitors’ computers until those visitors had explicitly consented to them doing so. Of course, this is unworkable in practice because if a visitor does not give consent for cookies to be set, the only way for the website to remember that preference is to set a cookie.

While the law was scheduled to come into effect in 2011, a lack of publicity and clear guidance meant its implementation had to be postponed, with website owners given a further 12 months to prepare and a new start date arranged for May 2012.

From the original planned date of the Cookie Law’s start, all the way through till two days before the rearranged start date (a period of one year) the guidance from the ICO remained unchanged and obtaining explicit consent from website visitors was going to be the only way to achieve compliance. BBI produced a video two months before the law came into effect, explaining how compliance could be achieved and, being a hot topic at the time, received thousands of views.

With 48 hours to go until launch, the ICO changed its mind and decided that website owners would only need to obtain implied consent in order to comply with the new law. This was a huge change. It meant that instead of websites having to tell visitors they would like to set cookies but would not do so until having received permission, they could simply say, “we have set cookies, if you carry on browsing our website we will assume you are okay with this”.

Since then, thousands of companies have followed the revised guidance and you can see discreet banners on many websites that say something along the lines of: “We use cookies”. These often have a button you can click to acknowledge that you have read the message or to visit the website’s privacy policy, but what they certainly do not contain is a mechanism that restricts the deployment of cookies until the visitor has expressly given consent.

Except on the ICO’s own website.

For some inexplicable reason, after going to the trouble of revising its own guidance (presumably after a great deal of consultation and research), the ICO decided to stick with its original guidance where its own website was concerned.

There was no obvious logic behind this move and no explanation given (the ICO is of course funded by public money and is accordingly free from the shackles of accountability that hinder private business).

As illogical as failing to take its own advice was, the ICO has again bowled its spectators a googly by implementing that advice now. The official reason given by the ICO for adopting its own advice at this late stage is: “We are making this change so that we can get reliable information to make our website better”.

While its explanation is brief, clearly explained within it is the biggest problem the ICO has faced since requiring explicit consent; the same problem that many commentators predicted before implied consent was deemed acceptable, i.e. visitors have not given consent to cookies and therefore website analytics cookies have not been deployed, which has meant the ICO has been unable to see how visitors use its website.

It would be easy to criticise the ICO at this stage and make a noise like Homer Simpson finally seeing the light, but the truth is that the ICO have tried one method that they suspected would be problematic and seen it fail. Now the ICO’s website can be updated to employ a Cookie Law compliance solution that works (implied consent) AND it will always be able to point back to the eight months between May 2012 and Jan 2013 when asked why the need for explicit consent to cookies was dropped.

BBI has been installing Cookie Law compliance solutions to its clients' websites since the law was first announced and if you would like more information on this topic, or would like help bringing your own website into line, please contact us.

Sources:

ICO news update January 2013.

Brandboost video on the Cookie Law 2012.