In order to help businesses get ready for the change, the ICO has recently published guidelines providing practical advice on the new cookies rules, explaining what steps you need to take to ensure you comply. The guidance features many examples for businesses to get a sense of what is covered. For example, interestingly, the only applicable exception to the cookies rule for most website operators is if the cookie is “strictly necessary” for a service requested by the user. While there is little guidance on what is “strictly necessary,” the guidelines provide some information. According to the ICO, cookies used to implement a shopping cart may fall under the “strictly necessary” exception, if the cookies are necessary to ensure that items selected on previous pages are available during check-out. However, the ICO stressed that this exception is very narrow and would not apply to cookies used to make the website more attractive by remembering users’ preferences.
The guidance is intended to help organizations to start to think about the practical steps they will need to take to remain compliant with the new law. According to the ICO, it will be supplemented by additional content as innovative ways to acquire users’ consent are developed.
What does this mean for other countries that do business in the UK? Well, when a company offers a UK or EU version of a website, for example, it may be required (or at least expected by users) to follow the EU rules – now implemented locally in the UK.