Daily DashboardEuropean Data Protection Digest

ICO: Informed Cookie Consent Needed To Comply with New EU Law

PRIVACY LAW—EU & UK

May 9, 2011

The UK Information Commissioner's Office (ICO) has published advice on how organizations can comply with a new EU law on the use of cookies, which goes into effect on May 26. "Not surprisingly, the ICO has adopted a pragmatic approach to the controversial cookie consent requirement. However, it is also clear that inaction is not an option," Eduardo Ustaran of Field Fisher Waterhouse LLP told the Daily Dashboard following the release of the ICO's advice on Monday. The changes will require UK websites "to get informed consent from visitors...to store and retrieve information on users' computers." The advice suggests that "most browser settings are not sophisticated enough" to imply consent, so organizations should obtain consent in other ways. Ustaran said organizations should assess what kind of cookies they use and why, "and then take a view on what level of notice and consent is appropriate. As always, legal compliance is a balancing exercise between what is strictly required and what is doable." Information Commissioner Christopher Graham stated the current advice is "very much a work in progress and doesn't yet provide all of the answers." Nicola Fulford of Bristows told the Daily Dashboard, "Whilst this is only the ICO's initial guidance, the direction of travel seems to be to distinguish different types of cookies and their corresponding privacy impact, which makes a lot of sense, together with a focus on alternatives to browser settings for consent. This is where the practical implications will really hit businesses--and cause some dismay as how to actually go about this is still not that clear and will inevitably involve extra steps."
Full Story