As From Saturday 26th May, British Businesses Will Be Liable To A £500,000 Fine From The ICO If Found Guilty Of Not Complying With The EU Cookie Law.
Our Cookie Law Service Ensures YOU Stay Safe. One time low cost soloution
• Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.
• Relying on implied consent? You need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent.
• In some circumstances, for example where you are collecting sensitive personal data such as health information, you might feel that explicit consent is more appropriate.
What does this mean?
Yes! Google Analytics Requires Consent Of The Visitor!
Are they trying to ruin my business?
Remember that this rule is NOT to stop your business from collecting useful data to improve your website and to improve your business. These are legitimate uses, as are eCommerce cookies for tracking a users progress in order to give them the best experience you can. Rather, it’s to stop spyware and other malicious uses of cookies which might have criminal motives behind them.
Information to be provided
Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
The Regulations state that once a person has used such a device to store or access data in the terminal equipment of a user or subscriber, that person will not be required to provide the information described and obtain consent (and discussed above) on subsequent occasions, as long as they met these requirements initially. Although the Regulations do not require the relevant information to be provided on each occasion, they do not prevent this.
Our Cookie Law Service Ensures You’re Covered with a one time low cost soloution.
Responsibility for providing the information and obtaining consent
The ICO Provides this statement of where the responsibility lies: “Where a person operates an online service and any use of a cookie type device will be for their purposes only, it is clear that that person will be responsible for complying with this Regulation.”
Exemptions from the right to refuse a cookie
The Regulations specify that service providers should not have to provide the information and obtain consent where that device is to be used:
• for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or
• where such storage or access is strictly necessary to provide an information society service requested by the subscriber or user.
In defining an ‘information society service’ the Electronic Commerce (EC Directive) Regulations 2002 refer to ‘any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service’.
The term ‘strictly necessary’ means that such storage of or access to information should be essential, rather than reasonably necessary, for this exemption to apply. However, it will also be restricted to what is essential to provide the service requested by the user, rather than what might be essential for any other uses the service provider might wish to make of that data. It will also include what is required to comply with any other legislation the service provider might be subject to, for example, the security requirements of the seventh data protection principle.
Where the use of a cookie type device is deemed ‘important’ rather than ‘strictly necessary’, those collecting the information are still obliged to provide information about the device to the potential service recipient and obtain consent.
This post was written By Mark Hall