ICO Publishes Guidance on Cookies

UK data regulator the ICO has published guidelines on the use of cookies, reflecting changes in the light of the EU's General Data Protection Regulation (GDPR), in force now for just over a year.

Rules on the use of cookies are actually contained in another law, the Privacy and Electronic Communications Regulations (PECR), but the latter now takes many of its definitions from the GDPR, including that of 'consent'. The guidelines, penned by the ICO's Head of Technology Policy Ali Shah, seek to dispel a number of 'myths'. Among these are the idea that a firm 'can rely on implied consent for the use of cookies' - no longer valid because GDPR sets a much higher standard for consent, with implied consent no longer acceptable, and consent required any time cookies are not 'strictly necessary'; that a cookie wall can be used to restrict access to a site until users consent - as this is too much of a blanket approach to represent valid consent - although the ICO is still listening to opinions on this; that 'legitimate interest' is not a sufficient justification for non-essential cookies.

The note states that the ICO 'supports innovation in the digital economy, but this should be side-by-side with privacy', and in terms of the implications it suggests: 'For many of you, very little may change. But for others, more work will have to be done - and you should start taking steps to comply now'.

Web site: www.ico.org.uk .


MrWeb / DRNO does not use or intend to use cookies.

All articles 2006-23 written and edited by Mel Crowther and/or Nick Thomas, 2024- by Nick Thomas, unless otherwise stated.