Cookies and Permission
The Information Commissioner (ICO) and the EU Working party have revisited the original 2011 law that required websites to explicitly request permission from the visitor before placing a cookie on their machine. Their intention was to resolve some of the misunderstandings and operational difficulties that website owners were having understand when they should request permission and when they should just inform.
The additional guidance has been issued as an "opinion" from the EU working party and an update on the ICO guidance notes. In essence this now indicates;
Session cookies
Where these are anonymous and used for the duration of the visit (or slightly longer now) and are necessary to deliver the functionality of the website – explicit permission is not required.
Analytics cookies
Where these are to monitor the performance and anonymous use of your website (including cookies detecting return visits) – explicit permission is not required.
Third party cookies
Where we use a social media sharing link and the visitor is a logged in member of that network – explicit permission is not required.
Where we use the sharing links that place a cookie on the machine before we know whether they are a member or not – we do need to explicitly ask permission. This example would cover the use of a Twitter or Facebook widget which would not be shown until permission was given.
What this means to you
This largely confirms the guidance that Free Rein was offering and so most clients will not need to do anything. However, where third party widgets are used the information is drawn down from their website. They may not be adding their cookies at the time of our building the site but it is possible that they could add them at a later date and we would not necessarily be advised.
We will therefore be revisiting our cookie acceptance code to develop one that will react dynamically with any new third party cookies. As soon as this is resolved we will be in contact directly with each client to discuss what needs to be done and when.
New guidance from EU and ICO
If you would like to read it in detail yourself;
EU Data Protection Working Party Opinion on Cookie Consent
ICO Cookie Guidance