At the last minute, the UK’s Information Commisioner’s Office (ICO) has decided to dilute an already watery law. Last Thursday, among the last minute amendments to the law, legislators added implied consent to the EU Cookie law, which appears to be an appeal to overall acceptance and at odds with the law’s requirements of explicit informed consent.
After a year of leeway to allow organizations to work towards compliance with the Cookie Law, the ICO has rolled back to previous considerations of implied consent as being “more practical” solution to the explicit and, very visible, opt-in model. In a post on the ICO website, Dave Evans, Group Manager of Business and Industry, offered a summary of the clarifications:
Head of marketing and privacy law at a prominent UK law firm, Stephen Groom, said that the decision to consider implied consent as a valid form of consent was a “striking shift” from previous ICO statements where the ICO said that consumer awareness was not high enough for websites to rely entirely on implied consent, whereas now they stated that “implied consent has always been a reasonable proposition in the context of data protection law.”
How is the development community responding to this sudden change? With some ire, to put it delicately. Silktide, who had previously created videos on the law’s implementation, expressed some outrage, pointing out: “A year ago you graciously granted us an extra year to comply with the law, announcing your decision just 24 hours before the law came into effect. Last week, 24 hours before the really-we-mean-it-this-time law took hold, you changed it completely.”
These new guidelines challenge the UK web economy, equally challenging companies from Fortune 500 (Adobe) sizes to those on a smaller scale, such as Speckyboy. These new guidelines prevented this website from executing a planned implementation of the Cookie Law and forces it (and other independent sites) to come up with new lighter solutions.