By now everyone should have a good idea of what their plans are and should be reasonably confident that they have genuinely worked constructively towards achieving compliance.

From Day one the advice from the ICO was to start with an audit of cookies (and similar technologies) and look at them with an assessment criteria that aligns to the rules as well as the ICO guidance. The essential vs non-essential nature of the cookie along with the level of intrusiveness are the critical audit criteria. Once that view is in place then business need to weigh-up how consumers should be informed of these cookies and how “consent” should be addressed.

The legal requirement for consent is the elephant in the room throughout all of this and it cannot be ignored. There are certainly ambiguities in what constitutes consent and how it overlaps with very clear and effective information transparency. It’s an evolving definition and I am mindful of the Information Commissioner advocating pro business intentions at a DCMS hosted event  this week (2^nd April)  and saying that there will be more guidance around “implied consent” in the fairly near future. “Don’t just wait for the guidance”  is the very clear message but I think a huge proportion of the online space will be interested in what the guidance will say.

Everyone agrees that greater transparency will be a good thing and also that consent mechanisms may be very counterproductive to both consumers (in terms of user journey) and for businesses. Look around and see how others are doing it – probably looking through some of what you would consider to be the most consumer aware/friendly sites would be a good start. Ironically the ICO says that they don’t think that their own implementation sets the standard to be followed – thakfully they seem very open to the notion that things can be done far more effectively.