UK Information Commissioner relaxes cookie rules
The ICO site itself now limits itself to displaying a notice on the bottom of the screen stating that cookies are used the first time a user visits it. Users are also referred to the ICO's data protection statement and to information on controlling and managing cookies. Users can close or simply ignore the notice, which, unless the cookie is deleted, will not be displayed on subsequent visits to the website. Previously, site users had to actively consent to cookie storage and click on a highly conspicuous declaration.
The UK is considered a pioneer in implementation of rules on cookie use arising from the EU's Data Protection Directive. Graham's new approach is being interpreted as meaning that the previous strict requirements are "dead". However, the ICO never really enforced the old guidelines. EU rules have long been a source of confusion, frequently even having been interpreted as a complete ban on cookies. The statement of the rationale for the 'e-privacy directive', by contrast, merely states that routes to information and to enabling users to decline to have cookies placed on their computers must be designed to be as user friendly as possible.
EU data protection commissioners making up the Article 29 Working Party published an explanation of options for legally compliant deployment of cookies in 2012, according to which it is not necessary to continually obtain user consent. Configuration options or 'Do Not Track' settings can, it argues, also be an acceptable solution. In contrast to the UK, the German government has not previously considered it necessary to transpose the EU regulations into German law. They believe that the Directive raises practical questions which initially require further consultation at the European level. Germany's Federal Data Protection Commissioner Peter Schaar is, however, of the opinion that EU cookie rules are directly applicable in Germany.
(Stefan Krempl / djwm)