Original URL: http://www.theregister.co.uk/2013/02/01/ico_cookie_policy_change/

UK cookies cop changes own policy to ‘implied consent’

Information Commissioner’s Office says deadly threat to privacy now well understood

By Simon Sharwood

Posted in Policy, 1st February 2013 01:09 GMT

The UK Information Commissioner’s Office (ICO), the agency charged with implementing the EU’s ePrivacy Directive insisting web publishers tell their readers about how they use cookies, has changed its own cookie policy to one of implied consent rather than asking visitors to its website to formally opt in to receiving cookies. The change will also see cookies set “from the time users arrive” on the agency’s site.

The Directive was designed to enhance citizens’ privacy by, among other things, letting them know that web publishers record information about them and their use of web sites with cookies. Once so informed, consumers were held to be in a position to understand the deadly threat posed to their wellbeing and liberty by any form of data collection. The Directive was signed into law in 2011, but the UK held off implementing it until May 2012, when the ICO waved a big stick and pointed it at fine print indicating colossal fines for non-compliance.

In response to the Directive, many publishers posted a page like our own cookies page or popped up a quick dialog box to lead users to similar pages or secure their consent for the use of cookies.

Overall, however, compliance levels were low and examples of enforcement activity hard to find.

Eight months down the track, the ICO feels all that activity has worked and the general public are now so well-informed about cookies that it can take things down a notch.

Here’s the Office’s reasoning on the matter:

“We first introduced a notice about cookies in May 2011, and at that time we chose to ask for explicit consent for cookies. We felt this was appropriate at the time, considering that many people didn’t know much about cookies and what they were used for. We also considered that asking for explicit consent would help raise awareness about cookies, both for users and website owners. Since then, many more people are aware of cookies – both because of what we’ve been doing, and other websites taking their own steps to comply. We now consider it’s appropriate for us to rely on a responsible implementation of implied consent, as indeed have many other websites.”

Cookie notifications aren’t disappearing from the agency’s site, as a new banner will continue to inform visitors about cookie use on a new cookie page. The ICO is “also taking advantage of a feature which limits the geographical information collected by our analytics cookies.”

And why does the ICO need cookies at all? The agency says “We are making this change so that we can get reliable information to make our website better.” ®