The U.K. Information Commissioner’s Office (ICO) has issued advice to businesses and organisation to help ensure compliance to the new EU privacy directive. This advice is, in effect, a guide to getting compliant. The ICO plan to issue further guidance once the regulations are implemented.
There is a little known exception to the regulation that allows cookies to be used without consent if what you are doing is ‘strictly necessary’ for a service requested by the user of your website. While the ICO suggest that this exception should be considered to be a ‘narrow’ one it does suggest that examples would include shopping activities. i.e. “to ensure that when a user of your site has chosen the goods they wish to buy and clicks the ‘add to basket’ or ‘proceed to checkout’ button, your site ‘remembers’ what they have chosen on a previous page. You would not need to get consent for this type of activity.”
ICO has urged businesses and organisations to:
The ICO also discusses various options for obtaining user consent through the use of pop-ups, terms and conditions, and similar solutions. “What is clear is that the more directly the use of a cookie or similar technology relates to the user’s personal information, the more carefully you need to think about how you get consent,” concluded the ICO.
You can read the full ICO guidance here. The ICO may provide further guidance as the regulations roll out and are implemented; “We will be keeping the situation under review and will consider more detailed advice if appropriate in future.”
WiseTiger will keep abreast of this and will update you here, so keep coming back