Legal Matters: Beware of the Cookie Monster
The UK Relaxes User Consent Requirement
The ICO Guidance, while welcome in terms of informing website operators that they don't require an affirmative opt in prior to the installation of cookies on visitors' computers, isn't clear in indicating exactly what measures will satisfy the user consent requirements of U.K. law. It would be reasonable to conclude, however, that, at a minimum, the following two actions would be necessary for compliance:
- the presence of an information page providing a general explanation of what cookies are and their function on the website; and
- providing a link to that information page from the website's homepage.
User Consent Isn't Required for Certain Types of Cookies
It should be noted that the EU Directive contains an exception from any consent requirement for cookies that are "strictly necessary." In order for cookies to meet this definition, "such storage of or access to information should be essential rather than reasonably necessary … to provide the service requested by the user." The exception doesn't apply when the cookie is only "'important' rather than 'strictly necessary.'"