On July 3, 2019, the UK Information Commissioner’s Office (ICO) released its new Guidance on the Use of Cookies and Similar Technologies, which addresses the use and requirements in relation to cookies, the relationship between Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and the General Data Protection Regulation (GDPR), as well as how to comply with both.

Learn more about the ICO’s guidance by watching our webinar or requesting a demo of OneTrust’s Cookie Consent solution.

About the ICO’s Guidance

The Guidance impacts all organizations that operate an online service, such as a website or a mobile app, and need more clarity on how the GDPR and PECR apply to the use of cookies. It includes:

  • Cookie consent is the same as GDPR-compliant consent (unbundled, specific, granular)
  • Consent needs to be actively given (a lack of interaction with the banner does not imply consent)
  • Only strictly necessary cookies can be dropped automatically; all others require consent (including analytics and audience tracking)
  • Consent cannot be “hidden” in the online Terms & Conditions
  • No “nudging” toward consenting to cookies (emphasizing agree over reject is not advised)
  • Requirement to list out all vendors for third-party ad tech cookies (where the data collected through cookies is used by other vendors in the role of data controllers) with options to accept or refuse cookies for each vendor
  • No prescribed retention periods for cookie data, but organizations are expected to be reasonable when setting the lifespan for the trackers and information collected through them

The ICO also released a myth-busting blog in which it clears up some of the misconceptions and uncertainty around cookies, including whether you can rely on implied consent for the use of cookies, whether companies can use a cookie wall to restrict access, and more.

How OneTrust Helps

OneTrust’s Cookie Consent and Website Scanning solution has been updated with recent ICO, CNIL and country-specific guidance built in. To help meet the ICO’s new guidance, OneTrust’s solution provides:

All Required Information
Include all required information on the cookie banner and in the preference centre to ensure data subjects are fully informed. OneTrust automatically generates a detailed Cookie List based on the latest website scan. Easily update the information provided from the OneTrust user-friendly interface at any time without the intervention of a technical team, while tracking changes in an audit log.

Granular Records of Consent
Granular records of a user’s consent and audit trails are available on demand within the OneTrust platform.

Historical Audit Trails
Users’ modifications to settings on the cookie banner or preferences are stored in a detailed audit log to show compliance over time.

Allow The User To Update Their Preferences At Any Time
Provide choices at all times with a granular preference centre to easily manage cookie preferences. Enable granular preferences across cookie categories determined within the OneTrust platform.

Adaptable Consent Approach
OneTrust can support multiple consent models, whether opt-out, opt-in, explicit, implied, or notice only. Set up different models for each cookie category to meet compliance while maintaining optimal performance using analytics.

To learn more about the ICO’s new guidance and how OneTrust can help, watch our webinar or request a demo of OneTrust’s Cookie Consent solution.