As I mentioned in my previous post, a user must give informed consent before a website operator is allowed to set cookies on your browser.
The ICO has now changed its stance and allows “implied consent” for web users.
Following on from my last blog post the 26th of May has passed and according to a recent KPMG study, 95% of companies have yet to comply with the legislation.
However, things DID change only hours before the compliance was due to come into force.
Website operators need to remember that where their activities result in the collection of sensitive personal data such as information about an identifiable individual’s health then data protection law might require them to obtain explicit consent.
In some circumstances those seeking consent might consider implied consent as an option that was perhaps more practical than the explicit opt-in model.
To explain further it might be useful to unpack what we actually mean by the term “implied consent” remembering throughout that consent (whether it is implied or express) has to be a freely given, specific and informed indication of the individual’s wishes.
Implied consent is certainly a valid form of consent but those who seek to rely on it should not see it as an easy way out or use the term as a euphemism for “doing nothing”.
In many cases, to create a situation in which implied consent is acceptable to subscribers, users and the regulator it would still be necessary to follow the steps set out in the Information Commissioner’s existing guidance.
For UK site owners, implied consent moves some of the burden away from the site operator and towards the site visitor.The ICO has released an updated guidance document which has a section which outlines the new implied consent section which is shown below: “Much of the debate around the so-called “consent for cookies” rule has focussed on the nature of the consent required for compliance.