This is great news – not only for the ICO, who will be able
to harvest very useful information about how users navigate the website, but
also for those who argue that implied consent can, in certain cases, be just as
valid as obtaining explicit consent, to process data lawfully.
The ICO’s public explanation for the change is interesting: “We first introduced a notice about cookies
in May 2011, and at that time we chose to ask for explicit consent for cookies.
We felt this was appropriate at the time, considering that many people didn’t
know much about cookies and what they were used for. We also considered that
asking for explicit consent would help raise awareness about cookies, both for
users and website owners. Since then, many more people are aware of cookies –
both because of what we’ve been doing, and other websites taking their own steps
to comply. We now consider it’s appropriate for us to rely on a responsible
implementation of implied consent, as indeed have many other websites.”
However, there
was no mention of the difficulties that were caused to ICO staff, who found
that hardly anyone had explicitly consented to the placement of cookies that fell outside the 'strictly necessary' category
on their devices, so the ICO didn’t know whether much of the content that had
been published on its own website was actually being read by many people. Perhaps the original approach really was detrimental
to the legitimate interests of webmasters.
Nor was there
mention of any evidence of whether many people had actually realised, from the
plethora of cookie warnings that have been plastered on websites everywhere
since May 2011, what cookies actually were.
I suspect that the great British public has generally ignored this historic
opportunity to learn more about cookies – and that they will be quite grateful
not to have to click away at a snowstorm of warning notices before they get to
the stuff they really wanted to access. If anyone has any evidence about how these
notices have changed behaviours, I’m sure we would all really like to see it.
Sanity rules. And three cheers for that.
What we now need
is, say, for good incident to arise which night cause a spat between different regulators. Perhaps a Dutch citizen, resident in Holland, could complain to the Dutch Data
Protection Regulator that they had logged onto the ICO’s website and found that
some types of cookies had been installed on their devices – cookies which, if
they had been loaded by a Dutch data controller in Holland, should only have
happened after explicit consent had been supplied. That will keep the Sado Dataprotectionists going
for a few more months.
Source:
http://www.ico.gov.uk/news/current_topics/changes-to-cookies-on-our-website.aspx
.
Posts
