‘Unlikely to prioritise first party cookies used only for analytical purposes’ – United Kingdom’s New Guidelines for Cookie Use

The UK’s Information Commissioner’s Office published new guidance for website owners regarding cookie user and online privacy. As the UK moves towards compliance, they are already half way through the year that the ICO gave businesses to get their digital house in order, the prevailing attitude is that businesses ‘must try harder’.

A Ray of Hope – Analytics cookies are not a ‘priority’
The guidelines contain the following information, on their FAQ on Page 27:

ICO Cookie Guidelines

“unlikely to prioritise” – looks like the door is not completely shut on using Google Analytics then – I am cautiously positive. It remains to be seen what other European countries do. While we wait, in Sweden, for the PTS to produce guidelines we should make sure our own houses are in order, identify the cookies we use and give users clear instructions on why we’re using them – hasty implementations of consent boxes and banners may not necessarily be the best solution in the long term.


Cookie Law Comes Into Effect In Sweden – PTS are reponsible and no detail available yet.

The new cookie law came into effect, in Sweden, on the 1st of July. It’s a response to the horrendous EU directive, widely seen as a cookie killer, which is an attempt to address online privacy issues. I’ve previously blogged about it here. The short version is that the directive requires consent from a website visitor, before a cookie can be placed on their computer. This impacts a whole bunch of website functionality, but not least Google Analytics. Brian Clifton has blogged about the implications for Google Analytics in two blog posts, shortly after the launch of the directive in the UK and then a little later.

If you’re in Sweden, then there’s a couple of things worth knowing. First, the Swedish Post and Telecom Agency (PTS) is responsible for the execution of this new directive, and its Swedish interpretation. When I posted this, they had some information for website owners, but nothing concrete. There’s certainly not a ‘cookies are the big bad’ message from them – so far, so good I say. Right now, they are saying that they are giving website owners time to figure out how to get consent for cookies from website visitors.

The other important thing to know is that the Swedish arm of the IAB has prepared guidelines for website owners and are looking for feedback. The guidelines are available in both English and Swedish. Their suggestion is that consent is based on the users browser settings. The IAB guidelines are a best practice suggestion which avoid killing our website functionality with ugly consent requests (check out the banner on the top of the ICO’s website from the UK – and then take a look at what this has done to the data they’ve been able to collect from Google Analytics).

Best thing you can do right now? Don’t panic, read Brian’s latest blog post and get your website’s privacy statement in order. Checking to see what cookies your website is leaving on people’s computers might not be a bad idea either.