Friday 5th July 2019
“Essentially, the ICO is saying that you can no longer perform analytics without consent. Rather than using implied consent, as was previously the case with the Privacy and Electronic Communications Regulations (PECR), users must now take clear and positive action to consent to non-essential cookies, thus ensuring compliance with GDPR. This includes third party cookies used for the purposes of online advertising or web analytics.
“Under the new guidance, websites and apps must tell users clearly what cookies will be set and what they do (including any third party cookies), pre-ticked boxes or any equivalents (such as sliders defaulted to ‘on’) cannot be used for non-essential cookies and users must have control over any non-essential cookies. They also cannot be set on landing pages before the user’s consent is given.
“Interestingly, this update comes just a few weeks after the ICO admitted that its own cookies were not compliant with GDPR.
“The ICO’s official line is that it supports innovation but that can’t always be at the expense of people’s legal rights. Cookies and similar technologies are important in ensuring the smooth running and convenience of much of the digital world, it is simply a matter of using them in a legally compliant way. But what impact will compliance have on revenue streams?
“The ICO recognises that analytics can provide useful insight, however they are not part of the functionality that the user requests when they use an online service – which means they are deemed ‘non-essential cookies’. Time will tell how many people give consent for non-essential cookies, but it will undoubtedly restrict the reach of advertisers.
“The industry must now look at developing an alternative method of getting the information it needs to understand, identify and target consumers.”
Ryan Gracey’s comments were used by Digiday.