UK ICO Issued a Reminder of How Cookies Should be Used for GDPR

UK ICO issued a reminder of how cookies should be used for GDPR

UK regulator ICO is set to play cookie cop for the digital ad industry

"This week, U.K. data protection authority the Information Commissioner’s Office issued a blunt reminder of how cookies should be used under the Privacy Electronics Communications Regulation. The reason: The law has now been updated to mirror the General Data Protection Regulation’s rules on consent." according to Digiday

What we can learn from the reminder from UK ICO?

According to UK ICO:

"Any cookie necessary for the delivery of the service a person has requested to use doesn’t need user consent".

Only the cookies such as user login credential or make website functional don't need user consent. The cookies such as remarketing and retargeting cookies, Google analytics cookies, A/B testing cookies, etc do need user consent.

UniConsent has the feature to manage all the cookies based on the user's consent status, making sure your site is cookie compliance.

"Cookie compliance will be an increasing regulatory priority for the ICO in the future", "businesses should run cookie audits".

Any marketing website or publishing website need to run cookie auditing to figure out what the cookies are used on your website.

UniConsent runs cookie consent once per day on your website, making sure the cookies list is up to date.

"Users must give explicit consent to cookies which are deemed non-essential to their website visit"

Users need to understand which cookies are running on your website, they need a detailed list of cookies.

UniConsent discloses the cookie list to all the users, you are also able to add custom cookies to the list.

"Pre-ticked boxes (of which there are still many) or any tactic that means users are opted in by default are not allowed for non-essential cookies"

There should be no pre-ticked boxes, making sure you don't drop cookies or fire third-party javascript tags to the user's browser before gaining the consent.

"Users must be given absolute control over what non-essential cookies are dropped on them and these kinds of cookies also can’t be set on landing pages before that user has given consent"

Users should be able to change their mind and consent. UniConsent provides a badge at the bottom of the page allowing users to update their consent.

It is a common mistake that lots of websites drop cookies before getting consent. This even happens on a website installed other CMP.

With UniConsent's consent based tag manager, you can fire third-party tags or drop cookies based on the user's consent.

"Analytics cookies need consent"

You still need to collect consent and CMP if you only have Google analytics tags on your site.

"Cookie walls is not valid consent under GDPR"

A publisher can not force the user to give consent to access the content. This kind of cookie wall is not valid. The consent should be freely given.

"Relying on a legitimate interest in sending targeted advertising is a hard no"

Targeted advertising cookies are not a legitimate interest of a digital publisher.

Reference:

• https://digiday.com/media/uk-regulator-ico-issues-cookie-use-reality-check-ad-industry/