The ICO’s guidance on cookie regulations has left small businesses in the dark. The Information Commissioner’s Office (ICO) just released information about the new cookie rule that is due to take effect as quickly as next week.
After careful study if the document it is still difficult to determine how the law will apply to the average small business or what changes need to be carried out in order to comply with legislation before it takes affect May 26.
What is behind the legislation is the site owners, before just dropping cookies on the visitor’s smartphone, PC, laptop or other mobile gadget , must seek consent. It would be a very laudable gesture to think users would have to give some sort of expresses consent before the dumping of cookies started, but if you think what that would mean in theory, it would create a Pandora’s box that no one would want to open.
Even the ICO has admitted that getting consent may be a challenge in many cases, which may be the biggest understatement of the IT generation to date. It continues down hill from there with the talk of getting consent for third party cookies being complex and suggests website owners make sure users are getting the correct information but does not give any detail as to what that correct information is or may be.
The bottom line is website owners must take a judgment as to how to comply with the new legislation hoping that if there are customer complaints, the authorities will think and agree that you were right in what you did. It is like saying the Government not listing speed limits and making you have to justify to a police officer your speed when they stop you.
As strictly necessary cookies will not need consent the legislation says the owner needs to decide which ones are strictly necessary and will be interpreted narrowly. They gave one example as a strictly necessary cookie as the one needed to store the shopping cart contents prior to checking out.