ICO: browser settings not enough for cookies law
By Nicole Kobie
Posted on 9 May 2011 at 11:16
Web firms can't rely on browser settings to help them comply with new anti-cookie laws, the Information Commissioner's Office has said.
The ICO has finally released its guidance on how websites can comply with a new EU directive that requires consent for non-essential cookies, ahead of a looming 26 May deadline.
Despite the Government suggesting the problem might be solved using browser settings - such as do-not-follow lists in Firefox and IE9 - the ICO has said such systems are simply not strong enough.
"At present, most browser settings are not sophisticated enough to allow you to assume that the user has given their consent to allow your website to set a cookie," the guidance says, noting users may access sites via apps instead of browsers, and may not have the most recent versions with the latest cookie controls built in.
This advice is very much a work in progress and doesn’t yet provide all of the answers
Instead, the ICO suggested a few other methods for websites to consider, including pop-ups, although it admitted those "might well spoil the experience of using a website if you use several cookies".
The ICO also suggested using the terms and conditions of the site for those that offer accounts or require logins, although it stressed websites must make sure users fully understand the changes they are agreeing to, and not just bury the changes where they won't be noticed.
Websites could also consider alerting users to cookies in settings for specific features on the site, such as video or language preferences, or highlighting at the top or bottom of the site when third-party cookies, such as for analytics or advertising, are being used.
Consent is not needed for those cookies that are "strictly necessary" for a service requested by a user - such as for logins or online checkouts.
"The exception would not apply, for example, just because you have decided that your website is more attractive if you remember users’ preferences or if you decide to use a cookie to collect statistical information about the use of your website," the ICO noted.
Information Commissioner Christopher Graham said his organisation "welcomed" feedback on the guidance. "This advice is very much a work in progress and doesn’t yet provide all of the answers."
The ICO said it may offer more "detailed advice" in the future, but said "we do not intend to issue prescriptive lists on how to comply".
No enforcement yet
Web companies need not panic over the vague guidance and tight deadline, as the ICO has reiterated that it has no immediate plans to take action against sites that don't comply.
The ICO said it will issue "separate guidance" on how it plans to enforce the new regulations, but stressed it would only investigate websites after receiving a complaint, and then will merely require sites to show they have a "realistic plan to achieve compliance".
However, Graham said the ICO will "undoubtedly" receive complaints about websites as the law goes live, and advised companies to start making changes now.
The ICO will also "shortly" release advice for consumers regarding the new cookie rules.
Is your business a social business? For helpful info and tips visit our hub.
"Web companies need not panic over the vague guidance and tight deadline, as the ICO has reiterated that it has no immediate plans to take action against sites that don't comply."
The ICO policeman says he will turn a blind eye to the Law.... and will also land in the dock when it is discovered he was NEGLIGENT.
Is it only my opinion the ICO is starting to look incompetent like the Communications Minister; Ed Vaizey?
If the Phorm/BT fiasco is anything to go by, UK will be reported DIRECTLY to the EU and it will be they that take UK Companies to court along with UK.Government. This is incompetent as the Tax Payer and Companies will get a heavy fine.
What the ICO and Minister also said is that "It is up those responsible to comply with the EU Directives by 26 May". Thus anyone reading the Directive will know it is up to THEM TO COMPLY BY THE SAID DATE.
It will be LAW and everyone MUST comply by 25 May 2011.
Mitigating Circumstances that you were told you were NOT going to be prosecuted (by any incompetents) will not hold up in Law.
By lenmontieth on 9 May 2011
- Move over Delia: IBM Watson is cooking tonight
- Eric Schmidt on the double-edged smartphone: friend and foe
- Getty joins the race to the bottom
- Hour of Code: five steps to learn how to code
- Sony Xperia Z2 Tablet review: first look
- Sony Xperia Z2 review: first look
- Samsung Galaxy Gear 2 review: first look
- Nokia XL review: first look
- Samsung Galaxy S5 review: first look
- Nokia X review: first look
- Windows Server 2012 R2: how the Datacenter edition could change SMBs
- Invoices and VAT: how to set up your documents correctly
- Nexus 5 vs Samsung Galaxy S4 Active: the best phone for avoiding screen burn
- How much is a social user worth?
- The key to choosing a secure password
- Thunderbolt Bridge: a fast Mac migration tool
- Should you advertise on Twitter?
- How to track a lost smartphone
- Self-publishing success: the best way to sell your book
- 1.6TB SSD: why would you need one?