Does the new cookies guidance take the biscuit?!

Significant changes may be required to the ways that the providers of websites and mobile apps use cookies following the publication by the ICO of guidance on the use of cookies and other similar technologies.

The position on the use of cookies and the level of consent required in order to use such cookies has been unclear for some time, particularly following the changes to the standard of consent brought about by the GDPR. The intention was for cookie laws to be reformed as part of a wider revamp of the e-privacy legislation and for such reforms to take effect on the 25 May 2018 to coincide with the GDPR. However, almost 18 months on, the new laws have yet to come into force.

This guidance therefore provides such much-needed clarity but may also lead to a number of website and app owners having to rethink how they currently go about obtaining consent.

Some of the key takeaways from the guidance include:

You must provide people with clear information about the cookies that you intend to use and the purposes and duration of such cookies. Such information should be provided in such a way that users will see it when they first visit your site or app (for example by way of a cookie pop-up).
Consent must be obtained in order to use non-essential cookies. The GDPR standard of consent applies which means that it must be demonstrated by a clear, affirmative action such as actively ticking a box. Pre-ticked boxes or ‘on’ sliders are not allowed. Similarly, simply continuing to navigate or browse through a website will not satisfy this requirement.
Consent must be obtained before the cookies are enabled – this means that non-essential cookies cannot be placed on the homepage of a website or app if a user has not yet had the opportunity to consent to their use.
Consent is not required for what are known as "strictly necessary cookies" i.e. cookies that are essential to provide a service requested by the user or to comply with any other legislation. Examples given are cookies that ensure that when a user adds goods to a basket on an e-commerce site, the site remembers what items they placed in that basket when the user proceeds to the checkout.
If you use third-party cookies on your website, you must identify the third parties and the purposes for which such cookies will be used.

For more information on the guidance and its implications, please contact our TMT team.

Cookie	Type	Duration	Description
_CC	third party	2 years	Usage data and user statistics. Data captured by Collect Chat. https://collect.chat/
_cookie consent _status	Session	1 minute	Used to track whether users have clicked the cookie acceptance button
_ga	Persistent	2 years	Used by Google Analytics to distinguish users of the website
_gat	Session	1 minute	Used by Google Analytics to limit the number of requests that can be made by the user
_gfduid	Persistent	1 month	Used to speed up page load times
_gid	Persistent	24 hours	Used by Google Analytics to understand the user journey a visitor to the website takes when using the site
_lf	third party	2 years	Tracking user activity and behaviour, collecting information in the background (known as ‘web audience measurement’). Data captured by Lead Forensics. www.leadforensics.com

Does the new cookies guidance take the biscuit?!

Does the new cookies guidance take the biscuit?!

Recent Posts

Archives

Categories