CookieLaw Blog February 1, 2013

ICO Website Creates New Implied Consent Reference Model

Last week the ICO gave us advance notice that they were going to change their website to an implied consent model of cookie law compliance.

In a move that is bound to create a new reference model for cookie law compliance, the change over took place after close of business on January 31st.

The change, which will be welcomed by many, came as no great surprise. It had been trailed in conferences and the Twittersphere since before the end of 2012. However in the last few days, many of their detractors and anti-cookie law activists have taken the opportunity to accuse them of a U-turn in policy.

This started even before the changes to the site were published, and several mis-leading articles and blogs went so far as to declare the cookie law is dead.

The reality is far from this.  The law is still with us and has not changed.  However, this development should and almost certainly will be welcomed by all responsible website owners who want nothing more than to ensure they are playing by the rules.

The previous opt-in model that the ICO website used, was put in place in May 2011 was at odds with their guidance from May 2012 that implied consent is an acceptable model for complying with the law in most cases. 

Most website owners didn’t want opt-in if they could avoid it, so of course have tried to implement an implied consent approach with their websites.  However, there was really no unambiguously acceptable model to follow, as the ICO guidance left a lot of room for interpretation, or even wilful mis-reading.

The result was the situation we have seen until now, a wide spectrum of different interpretations of implied consent, many of which appear to fall short of the guidance.  Some of these leave the average consumer just as much in the dark as they were before, and many site owners have remained confused about how to comply.

Now, what we have is what will inevitably be seen as a new reference model of compliance by implied consent.  I expect the ICO will say that their approach is not the only possible solution to the problem, but then they have to say that, or be accused of being prescriptive and stifling innovation.

However, anyone wanting to play safe now has a model to follow that is pretty much guaranteed to protect them from enforcement action.  There would have to be a very strong case made against someone that simply copied what the ICO has done.

So what is the essence of their approach?

  • They have a prominent, first line banner notice that shows up for all visitors, telling them that cookies are being used.
  • This links through to a more detailed information page, where we get a categorised description of the different uses of cookies, along with a listing of the cookie IDs.
  • They then provide on-page functionality to refuse the acceptance of cookies, and block them for future visits.

The approach is simple, practical and straightforward.  Pretty much any website copying this model should find itself safe from enforcement with minimal disruption to the user experience unless visitors are actively interested in engaging and controlling their privacy, as is their right.

The really good news is that all this functionality, and more, is available through the Optanon website plug-in.

Any website wanting to comply can use Optanon to display a cookie notification and provide simple opt-out user control. In doing so they can now be confident they are following the ICO’s model, from £295 per year

Plus with our customisation services, you can make Optanon an integral part of your site’s design, making it look a lot less like a bolt-on and more like business as usual.

Recent Posts


January 13, 2017
Future of EU Cookie Compliance Webinar: ...

GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...

View Article
Recent blog thumbnail
December 14, 2016
Draft EU ePrivacy Regulation Leaked...

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...

View Article
Recent blog thumbnail
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...

Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...

View Article
Recent blog thumbnail
September 21, 2016
Optanon Acquired by OneTrust...

We are pleased to announce that Optanon, along with parent company Governor Technology, has been acquired by OneTrust....

View Article

Be in the Know

Subscribe to our newsletter

Onetrust All Rights Reserved