ICO Website Creates New Implied Consent Reference Model

By: Richard Beaumont | Friday, February 1, 2013 | Tagged: ICO, Implied Consent | 3 Comments

Last week the ICO gave us advance notice that they were going to change their website to an implied consent model of cookie law compliance.

In a move that is bound to create a new reference model for cookie law compliance, the changeover took place after close of business on January 31st.

The change, which will be welcomed by many, came as no great surprise. It had been trailed in conferences and the Twittersphere since before the end of 2012. However, in the last few days, many of their detractors and anti-cookie law activists have taken the opportunity to accuse them of a U-turn in policy.

This started even before the changes to the site were published, and several misleading articles and blogs went so far as to declare the cookie law is dead.

The reality is far from this.  The law is still with us and has not changed.  However, this development should and almost certainly will be welcomed by all responsible website owners who want nothing more than to ensure they are playing by the rules.

The previous opt-in model that the ICO website used, put in place in May 2011, was at odds with their guidance from May 2012 that implied consent is an acceptable model for complying with the law in most cases.

Most website owners didn't want opt-in if they could avoid it, so of course have tried to implement an implied consent approach with their websites.  However, there was really no unambiguously acceptable model to follow, as the ICO guidance left a lot of room for interpretation, or even wilful misreading.

The result was the situation we have seen until now, a wide spectrum of different interpretations of implied consent, many of which appear to fall short of the guidance.  Some of these leave the average consumer just as much in the dark as they were before, and many site owners have remained confused about how to comply.

Now, what we have is what will inevitably be seen as a new reference model of compliance by implied consent.  I expect the ICO will say that their approach is not the only possible solution to the problem, but then they have to say that, or be accused of being prescriptive and stifling innovation.

However, anyone wanting to play safe now has a model to follow that is pretty much guaranteed to protect them from enforcement action.  There would have to be a very strong case made against someone that simply copied what the ICO has done.

So what is the essence of their approach?

  • They have a prominent, first line banner notice that shows up for all visitors, telling them that cookies are being used.
  • This links through to a more detailed information page, where we get a categorised description of the different uses of cookies, along with a listing of the cookie IDs.
  • They then provide on-page functionality to refuse the acceptance of cookies, and block them for future visits.
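The three elements above can be modelled as a small decision function. This is an added example, not the ICO's or Optanon's code; the cookie names, the categories and the `cookie_pref` preference cookie are hypothetical, and it assumes the banner is hidden once any preference has been recorded.

```javascript
// Added example: all names below are hypothetical, not taken from the ICO site.
const PREF_COOKIE = "cookie_pref"; // strictly necessary: remembers the visitor's choice
const CATEGORIES = {               // constructed inventory: cookie name -> purpose
  session_id: "necessary",
  cookie_pref: "necessary",
  site_analytics: "analytics",
  video_player: "functional",
};

// Parse a document.cookie / Cookie header string into a name -> value map.
function parseCookies(header) {
  const jar = Object.create(null);
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) jar[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return jar;
}

// Implied consent: everything is allowed until the visitor refuses;
// after a refusal only strictly necessary cookies may be set.
function consentState(header) {
  const pref = parseCookies(header)[PREF_COOKIE]; // undefined | "notified" | "refused"
  const refused = pref === "refused";
  return {
    showBanner: pref === undefined, // first visit: show the notice
    allowed: Object.keys(CATEGORIES).filter(
      (name) => CATEGORIES[name] === "necessary" || !refused),
  };
}

// Cookie string that records the choice so it survives future visits.
function prefCookie(choice, days = 365) {
  if (choice !== "notified" && choice !== "refused") throw new Error("unknown choice");
  return `${PREF_COOKIE}=${choice}; Max-Age=${days * 86400}; Path=/; SameSite=Lax; Secure`;
}

// On refusal, every cookie not known to be necessary should be expired,
// including ones missing from the inventory (default deny).
function cookiesToClear(header) {
  return Object.keys(parseCookies(header)).filter(
    (name) => CATEGORIES[name] !== "necessary");
}
```

The refusal itself is stored in a cookie, which is why the preference cookie is classed as necessary in this sketch.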

The approach is simple, practical and straightforward.  Pretty much any website copying this model should find itself safe from enforcement with minimal disruption to the user experience unless visitors are actively interested in engaging and controlling their privacy, as is their right.

The really good news is that all this functionality, and more, is available through the Optanon website plug-in.

Any website wanting to comply can use Optanon to display a cookie notification and provide simple opt-out user control. In doing so they can now be confident they are following the ICO's model, from £295 per year.

Plus with our customisation services, you can make Optanon an integral part of your site's design, making it look a lot less like a bolt-on and more like business as usual.

3 Comments

James

Posted on Tuesday, November 19, 2013

Surely the fact that the message disappears from their screen after the 1st visit, means that cookies are in force. - If someone clicks 'I DONT ACCEPT', how will the website REMEMBER that this user DOESN'T want cookies?

Sagee

Posted on 05/02/2012

The ICO approach is a more easy approach than what was assumed before. In addition, I think it is important to note that once the user has visited the more info page for the cookies in use, the message then disappears from the screen.

Richard Beaumont

Posted on Tuesday, November 19, 2013

The law allows you to use cookies for necessary purposes - and clearly remembering that you don't want other cookies is one of those purposes. What is critical in their implementation, that many websites fail to follow, is that they enable you to refuse the future setting of cookies from their site. This is where I feel many 'compliance' solutions fail to actually comply with the law.
