ICO Changes Cookies Policy on Own Site

January 22, 2013

It is not as if the Pope has just embraced Satan and all his works, but many will be surprised that even the enforcer of the cookies law has chosen to soften its stance. The absolute purists will say that the ICO’s acceptance of implied consent to the setting of cookies on first arrival at its site is a breach of the requirement to consent. However, the ICO has been consistent in its policy that implied consent fulfils the requirements for consent and the new policy is said to be in line with increased awareness. 

The new policy is to take effect from the end of January. The ICO statement on its site is set out below:

We will shortly be changing the way we gain users’ consent for setting cookies on our website. This will include setting cookies from the time users arrive on our site.
The aim is to help us collect reliable information to make our website better, while remaining compliant with the rules on cookies and our own guidance. For those who don’t want cookies, we’ll be providing an easy way to remove them.
We plan to go live with the change from the end of January.

The cookies we currently use are explained in detail in our privacy policy [link] and we will add to the information we provide when we make the change. Cookies are used mainly to give us information that helps us make the website better. By finding out how people use the website, we can make improvements that will help more people get the important information they need to either exercise their information rights or meet their obligations. The information collected via the cookies does not identify anyone.

The key features of the change will be:

·        Cookies set on arrival to the site.

·        New cookies banner displayed. Banner explains that the website uses cookies and that cookies have been set, tells users they can change their cookie settings (via a new cookies page), or continue to use the site.

·        New ‘Cookies’ page (separate from our Privacy notice, but linked to and from it) to increase prominence of the information.

·        Users given clear, detailed information about the cookies set and how to manage them, and new buttons allowing users to delete or allow non-essential cookies.

At about the same time, we’re also taking advantage of a feature that was recently made available, which limits the geographical information collected by our analytics cookies.

Questions and answers

Why is the ICO doing this?

We are making this change so that we can get reliable information to make our website better.

What about the rules on cookies?

It’s important to us that we are compliant with the rules on cookies and our own guidance in this area. We have previously issued guidance on implied consent [link] and our plans remain consistent with this guidance. We will continue to make it clear to users that our site uses cookies; in addition we’ll be making it clear that cookies have been set, and providing an easy way for users to make choices about the cookies on our site.

Why make this change now?

We first introduced a notice about cookies in May 2011, and at that time we chose to ask for explicit consent for cookies. We felt this was appropriate at the time, considering that many people didn’t know much about cookies and what they were used for. We also considered that asking for explicit consent would help raise awareness about cookies, both for users and website owners. Since then, many more people are aware of cookies – both because of what we’ve been doing, and other websites taking their own steps to comply. We now consider it’s appropriate for us to rely on a responsible implementation of implied consent, as indeed have many other websites.