ICO changes its stance on cookies
The biggest upheaval to UK websites in 2012 was the implementation of the so-called Cookie Law which created yet another layer of bureaucracy on British websites. In an important development for website owners, the ICO has changed its stance on cookies on its own website.
The Information Commissioner's Office, the agency charged with enforcing the Electronic Privacy Directive, has recently changed its website so that it no longer asks for explicit consent to place cookies, and instead assumes implied consent. Instead of using an annoying pop-up which superficially offers privacy choices, a model which it said was best practice that other sites should follow, the ICO site now simply uses cookies from the time of arrival.
Is this switch to implied consent an implied admission that they got it wrong to start with? The statement from the ICO appears to be quite self-congratulatory. It feels that as a result of its work over the past 12 months, the public are now much more aware of cookies and privacy. I would argue with that claim. I feel there is now even more misunderstanding of cookies and of privacy as a result of the cookie mania of 2012. Many websites now insist you formally sign away your privacy in order to use the site, and I see no evidence that anyone's privacy has been improved as a result of ICOs actions in this area.
Does this change on the ICO website mean that the cookie law is effectively dead in the UK? No, not at all. The privacy directive still applies, in both the UK and many European countries. But hopefully it will lead to an end of the annoying pop-up boxes with the pretence of choice, and instead see better implementations in those cases where explicit consent really is required.
25th February 2013