Today the ICO released some new guidance about my favourite upcoming Cookie law. The final entry in the FAQ offers a glimmer of hope for those of us stressing about losing access to our usage data. I say ‘glimmer of hope’ because the wording seems intentionally vague and non-committal but it does at least seem to be saying that noone is going to prosecute you for using Google Analytics – especially if you make some concerted effort to inform and educate your users about the existence of those Cookies. The relevant quote is below and I’ve attached the report here as well.
The thing is you do still have to take a bit of a punt as the ICO are still clear that they “do not consider analytical cookies fall within the ‘strictly necessary’ exception criteria” which is probably going to scare alot of pubic sector organisations into total compliance. I’m hoping to convince the powers that be at my place to take an educated risk and carry on unless the hammer drops on someone!
In practice we would expect you to provide clear information to users about analytical cookies and take what steps you can to seek their agreement. This is likely to involve making the argument to show users why these cookies are useful. Although the Information Commissioner cannot completely exclude the possibility of formal action in any area, it is highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm to individuals. Provided clear information is given about their activities we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory
Related to this Mr Ellis linked to a very appropriate video today – The stupid EU cookie law in 2½ minutes – which is worth a look