Batch of the day - Guidance about the use of cookies on UK websites v0.2 - Flipbook - Page 8
Getting to the heart of the batter

Compliance with cookie law

To comply with cookie law, you need to:
Provide information about cookies in a way that intended users will easily see and understand, when they first visit your site; and
Facilitate a means to obtain consent (where needed) for the placing of cookies.

Doing this requires the combined use of a cookie policy and a cookie consent mechanism (aka cookie consent platform).

Cookie policy: ICO guidance says you should provide information about cookies “in a privacy or cookie policy accessed through a link within the consent mechanism and at the top or bottom of your website”. The guidance also says that long tables or detailed lists of all the cookies on the site "may be the type of information your users will want to consider" and that it may also be helpful to provide a broader explanation, for example, a description of the types of things you use analytics cookies for.

Cookie consent mechanism: ICO guidance says: “How you request consent for cookies will depend initially on what the cookies in use are doing and, to some extent, on the relationship you have with your users.” In other words, there is no prescribed way of going about obtaining consent. However, remember that you need to ensure that any consent mechanism puts users in control of cookies.

Just chipping in…

Frequently asked questions

Can we rely on a user’s browser settings and other control mechanisms?
No. You cannot assume that each visitor to your online service can configure their browser settings to correctly reflect their preferences in relation to the setting of cookies.

Can we use ‘terms and conditions’ to gain consent for cookies?
No. Consent must be separate from other matters and cannot be bundled into terms and conditions or privacy notices.

Can we pre-enable any non-essential cookies?
No. Enabling a non-essential cookie without the user taking a positive action before it is set on their device will mean that you have not obtained valid consent.

Are our analytics cookies exempt from needing consent?
No. Analytics cookies do not fall within the ‘strictly necessary’ exemption.

Is implied consent valid?
No. Valid consent requires a positive action by the user, e.g., clicking on a box or ‘button’.

Does our consent mechanism need to allow users to control ALL cookies (including third party cookies)?
Yes. ICO guidance acknowledges that in practice this can be challenging, but says, "a consent mechanism that works only for some of the cookies would not be compliant".

Will continuing to browse our website constitute valid consent?
No. ICO guidance makes it clear that "continuing to browse" is not an affirmative action.

Does cookie law apply if our website is hosted outside the UK?
Yes, if you are based in the UK (even if your website is hosted overseas, e.g., using cloud services based in the USA).

Can we encourage users to ‘agree’ or ‘allow’ cookies over ‘reject’ cookies?
No. Consent options that use ‘nudge behaviour’ to encourage users to accept cookies are invalid.