In [the] future, many websites may be able to rely on the user’s browser settings to demonstrate they had the user’s agreement to set all sorts of cookies. ... For now, though, you will need to consider other methods of getting user consent.
ICO guidance on EU cookie regulations
The ICO guidance (.pdf) says websites cannot rely on browser settings to decide whether a user consents to having his or her online activity tracked, and that, in most cases, sites should seek explicit consent from the visitor.
"In [the] future, many websites may be able to rely on the user’s browser settings to demonstrate they had the user’s agreement to set all sorts of cookies,” the ICO announcement states. “We are aware that the government is working with the major browser manufacturers to establish which browser-level solutions will be available and when. For now, though, you will need to consider other methods of getting user consent.”
According to London-based law firm Pinsent Masons, the government is working with Mozilla, Apple, Microsoft, Google, Yahoo, Adobe and the Internet Advertising Bureau to deliver an efficient technological way to obtain user consent.
The ICO concedes that companies will need some time to comply with the new EU cookie law, but insists they should be able to demonstrate they have a plan to reach compliance.
“The guidance is helpful in that it gives practical advice on steps businesses can take to stay on the right side of the law, but it is not definitive, which could leave businesses exposed later," said Claire McCracken, a lawyer at Pinsent Masons, writing on the OUT-LAW legal website.
"The guidance leaves it up to organisations to decide how to get users’ permission for cookie usage, which means different companies will use different methods," said McCracken. "Only once enforcement action starts will we really know which of these methods the ICO thinks are within the law and which are not.”