On 3rd July 2019, the ICO updated their guidance on cookie policies. That means that yours may now break the rules and will need to be updated!
So, what changes do you need to be aware of? We’ve outlined the basics to help make sure you comply to the most up-to-date cookie guidelines.
1. Inform your user
It is no longer deemed acceptable to simply list the type of cookies that your website or email correspondence uses.
Instead, the ICO have insisted that companies inform their users exactly what each cookie does with their users’ information. This includes with any third parties, such as Facebook pixels. If you can’t say exactly what the third party is doing with your user’s information, you shouldn’t allow their cookies to be used.
2. Consent can’t simply be ‘implied’
Some websites assume consent is implied by a user visiting the site. Others slide a consent bar to “on” or pre-tick a consent box unless otherwise changed, and others try to influence the user with different font sizes, etc.
None of these methods count as valid consent. Instead, users must have full, un-biased control over accepting cookies.
3. Nudges and Cookie Walls are not allowed
This goes against the rules of giving users ‘free choice’.
4. The rules don’t just apply to website cookies
Other devices and methods of contact also need to follow these guidelines. For example, emails contain something called tracking pixels, which must require consent from the user before capturing those data cookies.
Mobile phones, smart TVs, wearables and “Internet of Things” devices where cookies or similar technologies are used must also follow these new rules.
What happens if you don’t comply?
The ICO has stated that ‘formal enforcement action may be taken against companies that do not comply to these updated guidelines. So it’s important to check that you are following the rules.
Be careful that you are not caught out with your email correspondence, as well as with your website!