Legal Matters: Beware of the Cookie Monster

Examples of information that's likely to be considered "strictly necessary" include the following: cookies that are used to remember the goods users wish to buy when they proceed to checkout or add goods to their shopping baskets; cookies that are installed to provide the level of security necessary to comply with EU data protection requirements for an activity that the user has requested (e.g., online banking services); and cookies that ensure the content of a web page loads quickly by distributing the workload across numerous computers.

On the other hand, uses that are unlikely to be viewed as "strictly necessary" include cookies used for analytical purposes to count the number of unique visits to a website; first- and third-party advertising cookies; and cookies used to recognize a user when they return to a website so that the greeting they receive can be customized.

Stay Tuned
As other members of the EU incorporate the EU Cookie Directive into their national laws, they may apply stricter or more relaxed interpretations than the rules contained in the U.K.'s ICO Guidance. Also, the ICO may issue amended rules as it reviews the extent of compliance and level of effectiveness of its May 2012 Guidance. If the ICO concludes that current consumer notice and implied consent measures don't result in adequate consumer protection, the requirements may be modified to require greater prominence of the cookie policy on a website's homepage and more affirmative action on the part of visitors to accept the placement of cookies on their computers and mobile devices.

George S. Isaacson is a senior partner at Brann & Isaacson, a direct marketing law firm. George can be reached at gisaacson@brannlaw.com.