Dan Grech

Dan Grech is an Email Marketing Manager for a global luxury fashion retailer.

Some projects include:



Opinions are his own and do...

... not reflect employers or affiliates.

Read more
30 January 2013 - 1:57pm | posted by | 3 comments

ICO change on cookie law takes the biscuit

ICO change on cookie law takes the biscuitICO change on cookie law takes the biscuit

In May 2011, the Information Commissioners Office first announced that websites must explicitly seek consent for cookies (cookies are text files that record your activity online).

The EU laws came into action in the UK when the Privacy and Electronic Communications Regulations (PECR) was amended. The ICO opted to place a year's hiatus on its enforcement (a fine of up to £500,000) to give organisations time to implement a technical solution that complied with the legal framework.

Today, it was announced that the UK's privacy watchdog will no longer require individuals' explicit consent in order to serve them with 'cookies' when they visit its website.

Out-law stated:

"The Information Commissioner's Office (ICO) has said that anyone who visits its website from "the end of January" will receive cookies. It said individuals will be given "clear, detailed information" about what cookies have been set and will also be given access to an "easy way to remove them" if they do not want them set on their machines or devices."

Naturally, some webmasters are outraged at the removal of this law after investing time and money into compliance tactics. I personally have never felt threatened by the use of my cookies, but perhaps that's more of a Gen Y attitude. As for this almost U-turn in compliance laws I'd like to see some compensation claims put to the ICO.

Did you add a pop-up or banner to your site requiring Internet users to opt-in to sharing their cookies? Or were you waiting for the deadline?

As expected, there's a Tumblr blog dedicated to EU Cookie Law UIs to comply.


30 Jan 2013 - 15:37

This article is badly mis-informed. The law has not changed, websites still need to comply with it. All that is happening is that the ICO is changing its site to be in line with its own guidelines.

30 Jan 2013 - 17:08

This article is indeed misleading, which does your readership a disservice. The author says "Naturally, some webmasters are outraged at the removal of this law after investing time and money into compliance tactics"

1) The law is still in effect on a continent-wide level. It has not been "removed." 2) The law did not change this week with the announcement of the removal of the banner. It changed last May. After spending a year telling UK site administrators to switch to an explicit consent process, ICO went live with the law on the compliance deadline day and announced that implied consent would be permitted as long as the cookies were discussed at some place on the site.

In other words, every bit of work that had been done putting in all those banners and popup boxes was a waste. Yet as anyone who has worked in an office knows, if you are going to commit a lot of time and budget to implementing something, you cannot delete the work the day it goes live. And so many organisations - including ICO, the goalpost movers themselves - left the explicit consent banners and boxes live to justify the work put into creating them.

Stranger still, for a time last year, you could not get past ICO's own home page without ticking the explicit cookie law opt-in box in the banner. Even if this was a technical mistake, it was a disastrous one. The law was meant to address intrusive third party advertisers collecting and storing information about innocent consumers; yet thanks to ICO, the public's access to basic statutory legal information in textual format was contingent on cookie opt-in. That was never what this law was intended to do.

Ironically the poor deployment and constant goalpost-switching around the mechanisms of the cookie law have meant that we've had no time to hold a meaningful discussion about online privacy and consumer protection. The banner's takedown is a tacit admission of that.

I've written and presented extensively on the law, and you can read the work here http://idea15.wordpress.com/category/eu-cookie-law/

1 Feb 2013 - 08:52

This is what the ICO changes really mean for website owners: http://www.cookielaw.org/blog/2013/2/1/ico-website-creates-new-implied-c...

Please sign in or register to comment on this article.

Have your say

Opinion, blogs and columnists - call them what you like - this is the section where people have something to say. You might agree or you might not - whatever opinion you have make your views known in comments. Views of writers are not necessarily those of The Drum. If you would like to contribute a comment piece, email your idea to opinion@thedrum.com.