But with no obvious industry lead emerging, there are a wide range of opinions on what businesses should do to achieve compliance with the revised regulations. Much of the 12-month grace period has been given over to talking, rather than any clear development of ways of compliance which can be universally accepted. Those hoping that browser standards will have been implemented will be disappointed as these remain a default option for the majority of users, so no change there.
The industry has been less than swift to respond. A recent survey conducted by Ctrl-Shift found that none of the top 100 retailers had fully complied with the requirements just three months ahead of the deadline.
The ICO has provided suggested wording with various degrees of sophistication, which can be used by those organisations wishing to be fully compliant, but these are the minimum steps/checks to follow and implement as necessary:
- Any cookies which show creation of detailed profiles of an individual’s browsing activity should be clearly identified to users.
- Determine what types of cookies are used on a website, on both an individual and anonymised level.
- Analyse how are those cookies are used and for what purpose.
- Remove any outdated/unnecessary cookies.
- Decide on the best solution to obtain consent.
- Evaluate the likely business impact of users exercising their right to remove consent.
- Ensure that the current privacy statement on the website is updated in line with the new regulation.
In spite of the new layer of complexity that the regulations bring, cookies remain a valuable tool with a myriad of uses for thousands of businesses, and organisations should not be overly daunted. Consumers are increasingly savvy about their privacy rights and how their data is used and well aware of their rights to remove consent. Businesses who choose to flout the new regulations risk not only hefty financial penalties but also the ensuing negative perceptions of non-compliance.
On the other hand those that are well prepared ahead of the deadline will benefit from the positive PR associated with best practice cookie usage and transparency and have the opportunity to convey the benefits that cookies ultimately have on the user’s experience.
Kim Walker (pictured) is a partner at law firm Thomas Eggar.