In May 2012, a new law came into force (replacing the guidance issued in Dec 2011) requiring businesses to obtain consent from visitors to their websites to store or retrieve usage information from users’ computers or mobile devices. Many businesses use what are known as “cookies” (small files that a website puts on a user’s computer to remember something) as a technique for storing information.
The revised guidance note has been designed to help organisations consider: what type of cookies or similar technology are used by their website and for what purpose; how intrusive their use is; and which solution for obtaining users’ consent would best suit them. In its approach the guidance enforces the revised 2003 Regulations, which assures website owners that the Commissioner would allow a lead-in period of 12 months for organisations to develop ways of meeting the cookie-related requirements of the Regulations before he would consider using his enforcement powers.
There is one exception to the new consent rule and that is if your business has no requirement to obtain consent for an activity that is “strictly necessary” for a service requested by the user. For example, you would not need to obtain consent for a cookie which your business uses to ensure when a user of your site has chosen the goods they want to buy and clicks on an “add to basket” or “proceed to checkout” button, your site “remembers” what they chose on a previous page.