ICO publishes advice on cookie law

Businesses should gain user consent for cookies that collect statistical information or remember user preferences, according to the UK privacy authority.

The advice was included in the Information Commissioner's Office's (ICO) cookie law guidance (PDF), published on Monday. Businesses cannot yet rely on consent via browser settings, so must find alternative ways of gaining consent for cookies that store information on users' machines, the advice stated.

The cookie guidance is for compliance with UK regulations that will come into force on 26 May. The law will not be enforced right away, but businesses need to take steps now to ensure future compliance, the ICO said.

"We want people to be moving towards websites being compliant, but measures don't have to be in place by 26 May," an ICO spokesman told ZDNet UK on Monday.

Changes to terms and conditions to gain user consent may only be compliant if websites also explicitly ask users for consent to use cookies, the guidance states. According to the ICO spokesman, the office will publish guidance on enforcement action "in the coming weeks".

Although the European Union set a deadline of 25 May for the implementation of its new web-tracking rules, and the UK transposition of those rules is supposed to take effect the following day, the Department for Culture, Media and Sport (DCMS) said in April that enforcement would be delayed "in the short term" while technical solutions are established for the gaining of consent.