The ICC publishes its 'UK Cookie Guide' on 2 April 2012 to provide guidance to website operators and website users alike.
This post was written by Cynthia O'Donoghue.
Part 1 of the Guide provides guidance for website operators in relation to content and information contained within the rest of the Guide. Part 1 is intended to provide information to website users in layers, allowing users to access as much or as little information as they want regarding cookies, with the initial layer designed to be simple and straightforward. Part 1 details that the Guide can be used by website operators to educate their users and can make it easier to gain their consent by giving users consistent information across different websites. The Guide is intended to make it easier for users to access information about cookies and be in an informed position to give their consent. Part 1 also touches upon the idea of "browser-based compliance," and the use of icons linked to mechanisms of control so that the user can click onto the icons to find out more information.
Part 2 of the Guide puts cookies into four categories based on their functions and what they are used for. The Guide points out that these categories are not definitive and there may be cookies that do not fit. Furthermore, the categories are designed to evolve as more cookies are discovered. Where a cookie does not fit, website operators will have to devise their own wording and consent approach. The Guide identifies the four categories as:
- Strictly necessary cookies
- Performance cookies
- Functionality cookies
- Targeting or advertising cookies
Part 2 of the Guide includes a case study describing what a cookie is and gives tips and guidance for website operators on how to approach each category, and how to explain clearly what each category of cookie is used for.
Part 3 of the Guide focuses on technical notes and definitions of the four categories of cookies, giving examples of when the cookies are used and the information that the cookie collects. For example, in Category 1: strictly necessary cookies are “essential first-party session cookies” and will generally be used to store a unique identifier to manage and identify the user in order to provide a consistent and accurate service. Category 1 cookies will remember previous actions or text and will manage, pass and maintain security tokens (i.e., identify if the user is logged in). However, these cookies will not be used for marketing or to remember preferences outside of a single session.