Does the new cookies guidance take the biscuit?!
Significant changes may be required to the ways that the providers of websites and mobile apps use cookies following the publication by the ICO of guidance on the use of cookies and other similar technologies.
The position on the use of cookies and the level of consent required in order to use such cookies has been unclear for some time, particularly following the changes to the standard of consent brought about by the GDPR. The intention was for cookie laws to be reformed as part of a wider revamp of the e-privacy legislation and for such reforms to take effect on the 25 May 2018 to coincide with the GDPR. However, almost 18 months on, the new laws have yet to come into force.
This guidance therefore provides such much-needed clarity but may also lead to a number of website and app owners having to rethink how they currently go about obtaining consent.
Some of the key takeaways from the guidance include:
- You must provide people with clear information about the cookies that you intend to use and the purposes and duration of such cookies. Such information should be provided in such a way that users will see it when they first visit your site or app (for example by way of a cookie pop-up).
- Consent must be obtained in order to use non-essential cookies. The GDPR standard of consent applies which means that it must be demonstrated by a clear, affirmative action such as actively ticking a box. Pre-ticked boxes or ‘on’ sliders are not allowed. Similarly, simply continuing to navigate or browse through a website will not satisfy this requirement.
- Consent must be obtained before the cookies are enabled – this means that non-essential cookies cannot be placed on the homepage of a website or app if a user has not yet had the opportunity to consent to their use.
- Consent is not required for what are known as "strictly necessary cookies" i.e. cookies that are essential to provide a service requested by the user or to comply with any other legislation. Examples given are cookies that ensure that when a user adds goods to a basket on an e-commerce site, the site remembers what items they placed in that basket when the user proceeds to the checkout.
- If you use third-party cookies on your website, you must identify the third parties and the purposes for which such cookies will be used.
For more information on the guidance and its implications, please contact our TMT team.