What does the ICO’s recent guidance mean for the future of cookies?
In short, and irrespective of whether or not the website is processing any personal data, a website is only allowed to set a cookie on a user’s device if it is:
- strictly necessary; or
- the user of the website has given its consent.
If personal data is being processed on the website then the normal rules of the GDPR will also apply.
A “strictly necessary cookie” has a high threshold and is where a cookie is either (i) necessary for technical purposes to allow a communication to take place; or (ii) to provide a service the user has requested. Common examples of “strictly necessary” cookies are session cookies used to create a shopping basket, or a security cookie for a requested service.
What does this mean in practice?
- Cookie Walls – the lawful use of cookie walls by websites will be difficult and require careful thought. Blanket approaches, e.g. “by continuing to use this website you are agreeing to cookies” will not be valid as consent must be “freely given.”
- Analytics Cookies –the use of analytics cookies is not strictly necessary and requires users’ consent.
- Third Party Cookies – the use of third party cookies will invariably almost always require consent (especially adtech and social media cookies). This raises difficult questions over who is responsible for obtaining the consent (i.e. the website owner or the third party operator) and how it can lawfully be obtained. It also will require third parties to be explicitly named, and an explanation of how the third party uses those cookies will need to be provided to the user. This is a complex area, and further light may be shed on how websites should approach this issue of compliance at the conclusion of the ICO’s investigation into the adtech sector.
News & Insights
Conditional payment clauses in the UK and Middle East
Niel Coertse writes for Practical Law Construction on how conditional payment clauses help to prevent cash flow difficulties.
The latest edition of our regular competition law update