All your resources at your fingertips.Learn More
Did you know that that the UK's soft lead-in period to allow companies to get such policies in place expired in May 2012 so now the gloves are off as far as compliance is concerned?
Not quite as sweet as it sounds ... this policy should set out in clear terms what cookies are used by the company and why, usually in a table format, or by way of a broader explanation. In his half term report the ICO confirmed he expected the website owner to be able to demonstrate they had conducted a "Cookies Audit" and to be able to say how long it was going to take for the required measures to be implemented.
You should be able to identify which cookies you use on your website and explain why? You also need to say how long they will last for and what data they hold and whether they are first or third party cookies.
The harder part is obtaining consent from the user. There is some debate about whether implied consent is acceptable as the UK ICO has hedged away from other member state data regulators who have ruled this out but this may cause problems of a cross-border nature.
Owners of third party cookies also need to consider how they obtain such consent when they have no direct link with the end user. One option is to place a contractual obligation on the owner of the website to satisfy themselves that the necessary consent has been obtained from the user.
The only book available that deals exclusively with such companies