The new “cookie law,” which is part of the 2011 amendment to the Privacy and Electronic Communications Regulation 2011, came into force on May 27. However, there was a dramatic change in guidance from the Information Commissioner’s Office (ICO) just before the new law came into force, stating that “implicit consent” is now the main requirement, with the emphasis having shifted from the everyday functionality of cookies to the protection of personal information.
The use of “implied consent” shifts responsibility to the user rather than the website operator, and has been a relief to thousands of website operators who have been struggling to comply with new EU directives which came into law a year ago.
The directives required sites to make it clear when they were saving a cookie on the user’s computer, which many sites complained was simply impractical. Sites rely on cookies to store data such as online shopping baskets, identification and other user preferences, and requiring users to agree to each instance would subject them to a multiple decisions about acceptance or refusal and would probably lead to a huge drop in on-line revenue.