As previously reported the EU Cookie Law has been a confusing experience for most UK website owners, with mixed messages and conflicting advice on how to meet compliance. This has resulted in various ugly cookie acceptance banners which really don’t do much to help the user experience.
However, the Information Commissioner’s Office (ICO) has recently clarified the idea of implied consent by posting an update to how they meet the Cookie Law on their own website.
The ICO confirm that implied consent is indeed OK. Which is great, since the alternative where you had to get consent before setting cookies was rather insane – and would have rendered analytics systems such as Google Analytics redundant.
The ICO have taken the tactic of displaying a cookie banner on the bottom of their site informing the user of cookies, though they have not advised this is a necessary component of meeting the cookie law.
If your site collects more sensitive personal data then some form of actual consent may still be required. However, it’s likely there is a registration system where terms and conditions can be agreed to. More information about cookies can be included in your terms. Just make sure that’s not the only place you talk about them.
Update (July 2016)
We have written a simple tool to integrate the EU Cookie warning onto your site which we have released via open source. It simply displays a message the first time the user visits your site, then is hidden. This same, simple technique is used on the GOV.UK website so we think its by far the best solution out there.