In particular the ICO advised that cookies should be identified as either essential for the operation of the website such as managing the shopping basket for sales, and those that are non-essential. Specifically Google Analytics is not essential. Landing pages should not have any non-essential cookies and consent must be obtained before using non-essential cookies on any website pages.
The ICO website demonstrates the new style cookie consent notice.
Be aware that the law actually changed when GDPR was introduced as the standard for consent automatically applied to the Privacy and Electronic Communications Regulation when GDPR came into full force on 25 May 2018. There has been an EUCJ ruling in October 2019 which held that cookie consent must be active and explicit (Bundesverband der Verbraucherzentralen und Verbraucherverbände — Verbraucherzentrale Bundesverband eV v. Planet49 GmbH). Also the Spanish data protection authority has fined Vueling Airlines €18,000 in September 2019 for inadequate cookie consent. The summary on the European Data Protection Board website reads:
“Users who access the Vueling company’s website do not have the ability to configure the cookies that are installed on their computers.
What the company does not provide is a management system or cookie configuration panel that allows the user to delete them in a granular way. To facilitate this selection the panel would have to enable a mechanism or button to reject all cookies, another to enable all cookies or to be able to do it in a granular way in order to manage the preferences of each user.”
This is a useful summary of what is required in a 2019 cookie consent and notice.
Leave A Comment