In the UK we have many government departments and quangos which all run inefficiently and cost the public purse lots of money. One of these great establishments is the Information Commissioners Office (ICO) with whom you must register if you collect/process personal information. The ICO also issue guidance on the European Cookie Law, a mechanism put in place in the super large inefficient establishment called the European Union which also costs the public purse lots of money.
So my point is, as a host of a website, I decided it was time to revisit the EU Cookie policy to ensure I am happy that I comply with the legislation within the policy. To get some information, I carried out a Google search for EU Cookie Policy and landed upon the ICO site at the following page:
http://ico.org.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies
Because I have not been to the ICO website before, I got the banner at the bottom of the page stating
We have placed cookies on your computer to help make this website better. You can change your cookie settings at any time. Otherwise, we’ll assume you’re OK to continue.
So what this says is, the ICO have already set cookies on my computer, and that if Im not happy with this I can change my cookie settings, if not they will assume I am OK with it. I checked and low and behold, the ICO had set 13 cookies on my machine. So what can I do, well either panic and delete them or just ignore them and carry on, I dont need to do anything because by carrying on I am implying that I consent, also known in the legal business as, well, very simply implied consent. Right, very well but, the ICO guidance on cookies states that:
Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
Ok, so I can click on a link at the bottom of the page and I am sent to a page explaining what the cookies are and how to delete them and not set them again. The concern is that the above guidance from ICO clearly states Cookies or similar devices must not be used unless So, my concern is, from the ICOs own guidance I have not, up to the point the cookies were set, been provided with provided with clear and comprehensive information about the purposes of the storage of, or access to, that information or nor have I given consent. Consent is only implied by continued use of the site, therefore by arriving at the site I have not continued to use it, I have arrived at it therefor this is not implying consent, therefore, consent was not given and 13 cookies were set.
You try, go to a website hosted by a European member state and before you do anything else see if they have set cookies on your arrival, I bet they have. Then read the guidance again:
Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:
(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.
Were you provided with clear and comprehensive information and did you give your consent whether implied or otherwise before those cookies were set? I bet you weren’t and didn’t…
The rule makers break the rules