At a recent roundtable event hosted by Olswang LLP, Datonomy heard a range of perspectives on the new cookie consent requirements. Readers can find useful resources from the event via the right menu below (scroll down to “Cookie resources”) including the headline comments from our panel of speakers.
Over 30 in house counsel from a range of consumer facing businesses – all getting to grips with compliance with the UK’s new rules – attended the breakfast seminar. Recognising that the legal world is now sick of cookie puns, croissants were on the breakfast menu instead.
The UK regulatory perspective was provided by Dave Evans, Group Manager at the Information Commissioner’s Office. The clear message to UK website owners, echoing the ICO’s recent guidance, is that doing nothing and hoping a browser-based consent solution will come to the rescue is simply not an option. Businesses should be analysing the cookies on their websites, informing website users about the nature and uses of those cookies and offering choices about whether or not to accept their use, prioritising according to the intrusiveness or otherwise of those cookies used. It was stressed that there will be no single “silver bullet” solution to obtaining consent. As highlighted in the ICO’s guidance, there are different ways for businesses to approach the issue of consent, according to the context. Apart from the tick box approach on the ICO’s own website, and a possible browser solution in future (for those scenarios where an up to date browser is used), consent could instead be feature led. One example given was of a site which provides local weather information by using cookies to remember the user’s location and which incentivises consent by explaining to the user how these useful features are made possible by cookies. Our “key points” notes on the right hand menu give more details of Dave’s insight into the ICO’s enforcement stance on cookies in the short term.
Technical insight was provided by Richard Carman and Chris Mellish of web design company Pure Innovations. They too urged businesses to think creatively about consent as part of the consumer’s website experience. They also spoke up for the much-maligned cookie, reminding us that the term covers a wide spectrum of intrusiveness, from the relatively benign to the more sinister zombie cookie. If, like this Datonomist, you are a bit of a technophobe, you will find answers to those questions you may have been too embarrassed to ask in Richard and Chris’s excellent “Technical FAQs on cookies” on the right hand link below.
With the current focus on the detail of cookie compliance, Olswang privacy expert Elle Todd encouraged us not to lose sight of the bigger picture of data protection risk and compliance, including security and data retention issues.
Providing international perspective, Matthias Vierstraete and Carsten Kociok from Olswang’s Brussels and Berlin offices respectively summarised the state of play on implementation in their jurisdictions. See the “EU cookie implementation” table below for the latest news from Datonomy’s contributors from Belgium, Germany, Spain and beyond. Self regulatory measures seem to be the favoured approach by those jurisdictions.
Datonomy readers will no doubt have seen last week’s announcement by the Commission about failure of the majority of EU Member States to transpose the rules on time. The UK is one of only seven Member States to have fully transposed the changes required by the EU telecoms package, of which the cookie consent requirements form part. The other 20 Member States have received letters of formal notice, the first step in the Commission’s armoury of enforcement measures.
Datonomy and its correspondents around the EU will bring you more news on implementation, guidance and examples of consent solutions which we spot on our (online) travels over the Summer.