- The consent of the user must be captured.
- Consent may be obtained explicitly through the use of an opt-in check box which the user can tick if they agree to accept cookies.
- Consent may also be obtained by implication
Not all cookies require consent to be used. These are cookies essential to delivering the service requested by the user - session cookies, authentication cookies (for the duration of the session,) and user security cookies. For example, for storage of items in a shopping cart on an online website advance consent will not be required. This will generally be the case where the cookie is stored only for as long as the "session" is live and will be deleted at the end of the session.
As best practice, a positive action may be deployed to dismiss the notification.
[Note: many websites have addressed this issue by providing a 'hide' button which dismisses the notification.]
- Consent should be sought as part of a "prominent notification" displayed on entry to a web site (this might be the home page of the site but may also be via a 'deep link' to an inner page, which a user has found from a search result, for example).
- The Cookie Statement should contain clear and comprehensive information on how cookies are used, including information on the types of cookies used and details on how to remove them
- Clear and comprehensive information
- Itemised cookie types, including their purpose e.g. preferences such as language or, font, browsing & search history, tracking, session security and any third party cookies
- Instructions on how to disable the cookies.
Third Party Cookies
Where third party cookies are being used, it is not sufficient to simply refer the user to third party websites. In such situations or where there are many cookies being created or read by the site (or its partners) we recommend the inclusion in the Cookies Statement of a tabulated explanation of all cookies with the following details:
- A description of their purpose
- Their expiry dates
- Links to advertising networks' opt-out mechanisms for third party cookies
Note: A mock web page based on this guidance can be viewed via this link (PDF - 400Kb)