Cookie Watch: The ICO Wakes Up, Now Using Implied Consent

February 01, 2013 Josh Amer

When we talk about cookie laws, usually the first question we get asked is: “Can you show me an example?” One of the examples we frequently show is found on the UK Information Commissioner's Office (ICO) website. In the UK, the ICO is the organization that provides guidance on things like how to go about implementing rules for cookie usage. In the past, they've taken an explicit consent approach to cookies, requiring visitors to tick a box before cookies are set. At first, many companies believed this would be required of them (and in some countries it may be). Then the ICO said you could use implied consent; however, the ICO itself stuck with explicit consent, still requiring visitors to its website to manually elect to have cookies stored via a checkbox that displayed in the site’s header:


What happened next, we can only assume, but it’s likely that very few said “yes, please use cookies.” We assume this partially because yesterday (31/1/13) the ICO made the switch to implied consent - meaning the ICO will now assume visitors are okay with its cookie usage unless they say otherwise - but more so because of the ICO’s stated reasoning for making the switch:

We made this change so that we can get reliable information to make our website better.

The ICO website as of 31/1/2013:


We’re not here to point fingers or call names, but isn’t that what website developers, content managers and anyone else that touches a website have been saying all along? Cookies can be incredibly valuable for tracking website visitors. Without them, it can be very difficult to get an accurate picture of how your website is being used, making it even more difficult to make your website any better. This is increasingly true as websites shift even further from the olden days of static information to the modern age of interactive experiences.

So there it is... we've won! Maybe. At least for now. At least in the UK. Remember, the EU cookie directive applies to all member states and has been interpreted differently by different members. If you’re targeting France or the Netherlands, you may have a bigger hill to climb.

What does this mean for you?


If you have a website that is targeting visitors in the UK, we still recommend that you notify your visitors that cookies are in use on your site, but you don’t need to specifically ask for permission to set cookies. You can safely imply consent, as long as it is reasonably clear to your visitors that your website uses cookies and you let them know what those cookies are for. And of course, consult with your counsel before making this decision.

As always, One North will continue to track developments in the EU Privacy directive and post them to the Cookie Watch series. We've also curated a collection of relevant sites and articles that you can find on our Delicious account:


The One North Ideas Update delivers each month’s latest posts on digital for PSOs—including industry trends, news and our latest research—directly to your inbox. Although it’s our goal to always include thought-provoking and compelling content, you can unsubscribe at any time. 

See our Privacy Policy to learn more about how we protect and manage your submitted data.

Josh Amer Strategist

At the time of publishing, Josh was a Strategist at One North.

One North Interactive 
222 North LaSalle St, #1500
Chicago, IL 60601

+1 312.469.1740