The internet is awash with speculation that the European Cookie Directive is ‘dead’. The Information Commissioner’s Office (ICO) has stopped asking users for permission to set cookies – on its own website, no less – something many have interpreted as the death knell for the unpopular law. The ICO argues that web users are now ‘more aware of cookies’ and therefore it’s ‘appropriate’ to rely on a responsible implementation of implied consent.
So ICO has essentially created a new business model for those who have yet to comply with the law. Online conversation on the subject is suggesting that site owners can now follow the ICO’s example and know that they are compliant. It does finally seem to make what was originally a grey area slightly clearer.
We would urge those who are yet to comply, however, to show a degree of caution. Just because the ICO has taken a more sensible approach doesn’t mean Parliament will amend the law. And it doesn’t mean that the ICO will stop enforcing that law either.
We say you still need to make an assessment on the appropriate level of compliance, because one approach does not fit all when it comes to cookies. How best to proceed should take into account the individuality of every site and the intrusiveness – or perceived intrusiveness – of the cookies it uses.
So in answer to our headline, we wouldn’t say that the cookie has crumbled just yet. It’s more that the crumbs are being scattered in another direction!