It’s been a long time coming, but the ICO has finally published its long-awaited Cookie Guidance Policy. While they may be guidelines, there is also a legal obligation to comply. It is the Regulators official new guidance on their interpretation of the legislation and the courts will take notice of it…
Here are some of the most important updates to the ICO’s cookie guidelines:
Not all cookies are equal:
Some cookies are essential for a website to operate, if a cookie is essential and ‘necessary’, then you need to be transparent about their presence, but permission to use is not required. However, any cookie which is not strictly ‘necessary’ to the operation of the site, for example Google Analytics, well, for these you need permission to use.
You must not rely on implied consent:
Supply more detailed cookie-usage information:
Not only must users actively opt-in, usually with a tick-box, link or pop-up, but they must also have access to all information about the cookies that your site uses.
Third parties must be made obvious and avoidable:
Third party companies must also be clearly named (such as Facebook pixels) and should explain how these third parties use any information gathered through cookies. This includes Google Analytics or any other tracking tool. If users do not opt-IN to use Google Analytics, then you cannot record time spent on pages. The Regulator argument here is that your website functionality is not affected by analytics as such and therefore, they are not essential.
You must not try to influence your users:
Do not block users from accessing your content who have denied cookies:
Call us on 01673 88 55 33 for more information today.How do I measure GDPR compliance?