The ICO guidance does not provide a prescriptive list of instructions as to how website operators should comply with the amended Directive. The guidance does, however, give insight into the ICO’s approach to consent. The ICO envisages a sliding scale of consent: if a cookie is particularly intrusive, the website operator should seek to prioritise obtaining meaningful consent for this particular cookie. At the same time, the ICO acknowledges that some cookies have little impact on a user’s privacy and suggests that consent can be gained in a less direct manner. The ICO’s suggested measures include consent notices in the website terms and conditions, and pop-up windows requesting consent or advising users as to the existence of third-party cookies.
The guidance addresses the key question of whether a website operator can seek to rely on the settings of the user’s internet browser as evidence of consent. The Directive suggests this as an option where an internet user changes the default settings on an internet browser to accept cookies. The UK Government’s response paper to the Directive also stated that the UK Government’s preferred approach is to work with browser manufacturers on a solution which will use enhanced browser settings to obtain the requisite consent. For more information, click here. The ICO’s position, for the moment at least, is that the settings of the user’s internet browser cannot be relied upon as consent. This may change if browser manufacturers can produce an adequate solution.