Friday, February 01, 2013
Last week the ICO gave us advance notice that they were going to
change their website to an implied consent model of cookie law
In a move that is bound to create a new reference model for
cookie law compliance, the change over took place after close of
business on January 31st.
The change, which will be welcomed by many, came as no great
surprise. It had been trailed in conferences and the Twittersphere
since before the end of 2012. However in the last few days, many of
their detractors and anti-cookie law activists have taken the
opportunity to accuse them of a U-turn in policy.
This started even before the changes to the site were published,
and several mis-leading articles and blogs went so far as to
declare the cookie law is dead.
The reality is far from this. The law is still with us and
has not changed. However, this development should and almost
certainly will be welcomed by all responsible website owners who
want nothing more than to ensure they are playing by the rules.
The previous opt-in model that the ICO website used, was put in place in May
2011 was at odds with their guidance from May 2012 that implied
consent is an acceptable model for complying with the law in most
Most website owners didn't want opt-in if they could avoid it,
so of course have tried to implement an implied consent approach
with their websites. However, there was really no
unambiguously acceptable model to follow, as the ICO guidance left
a lot of room for interpretation, or even wilful mis-reading.
The result was the situation we have seen until now, a wide
spectrum of different interpretations of implied consent, many of
which appear to fall short of the guidance. Some of these
leave the average consumer just as much in the dark as they were
before, and many site owners have remained confused about how to
Now, what we have is what will inevitably be seen as a new
reference model of compliance by implied consent. I expect
the ICO will say that their approach is not the only possible
solution to the problem, but then they have to say that, or be
accused of being prescriptive and stifling innovation.
However, anyone wanting to play safe now has a model to follow
that is pretty much guaranteed to protect them from enforcement
action. There would have to be a very strong case made
against someone that simply copied what the ICO has done.
So what is the essence of their approach?
- They have a prominent, first line banner notice that shows up
for all visitors, telling them that cookies are being used.
- This links through to a more detailed information page, where
we get a categorised description of the different uses of cookies,
along with a listing of the cookie IDs.
- They then provide on-page functionality to refuse the
acceptance of cookies, and block them for future visits.
The approach is simple, practical and straightforward.
Pretty much any website copying this model should find itself safe
from enforcement with minimal disruption to the user experience
unless visitors are actively interested in engaging and controlling
their privacy, as is their right.
The really good news is that all this functionality, and more,
is available through the Optanon website plug-in.
Any website wanting to comply can use Optanon to display a
cookie notification and provide simple opt-out user control. In
doing so they can now be confident they are following the ICO's
model, from £295 per
Plus with our customisation services, you can make Optanon an
integral part of your site's design, making it look a lot less like
a bolt-on and more like business as usual.