The new EU law states that user consent must be sought for websites using cookies – read more here on the ICO website. This came into force on 26th May 2011 and gave a year ‘grace’ period which has now ended.
The ICO released updated guidelines to websites looking to comply with the cookie law on Friday 25 May – the last working day of their one year grace period for enforcement. This latest document sets out much stronger support for the Implied Consent approach to compliance than previously – they state:
Our latest guidance (May 2012) sets out the changes to the cookies law and explains the steps you need to take to ensure you comply. The updated guidance provides additional information around the issue of implied consent:
- Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.
- If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent.
- In some circumstances, for example where you are collecting sensitive personal data such as health information, you might feel that explicit consent is more appropriate.