UK’s ICO advises that website owners need to get users’ permission to use analytics

Whether analytics are considered essential has long been debated among website owners.


For how small a piece of data cookies are, they're certainly highly controversial.

Websites put them on computers via their users' browsers, and if cookies come from third parties, their tracking and personal data collecting ability can lead to privacy abuses.

In the UK, the Information Commissioner's Office (ICO) – an independent body upholding information rights – has announced new guidance on the use of cookies, meant to clarify this practice in view of the recently introduced new rules.

The ICO argues in favor of both innovation in the digital sphere, and privacy protections, and seeks to “bust myths” around the manner cookies can and cannot be implemented by online services.

For one thing, the post rejects the notion that “implied consent” of users is nowadays enough either to use non-essential cookies or to process personal data.

In other words, users will have to explicitly opt-in, even when it comes to analytics and web marketing and advertising cookies, which are defined as non-essential.

The ICO explains that even though websites may view forcing analytics tracking onto users as essential to their business or service – “they are not part of the functionality that the user requests when they use your online service.”

And while running analytics is useful, the absence of these tools would make no difference to the way the end-user interacts with a website – therefore this type of cookies requires consent.

The guidance also does not favor “blanket approach such as cookie walls restricting access until users consent” – but notes the differences of opinion, and promises further debate before taking a stance.

Geared toward those running online services, this guidance – which in UK's bureaucratic parlance, does not mean an explicit recommendation – draws inspiration from the standards of the General Data Protection Regulation (GDPR).

This is true even though the use of cookies is regulated through a different set of rules, known as the Privacy and Electronic Communications Regulations (PECR).

In the blog post, the ICO tries to convince those implementing cookies that complying with rules and implementing more transparency and accountability toward their users can only benefit everyone – while denying that the office is pushing for an entirely “cookieless” internet, that would do away with the “smooth running and convenience” of the internet and the services on it.

That being said – “cookie compliance will be an increasing regulatory priority for the ICO in the future,” said the office.


Didi Rankovic

Didi Rankovic is an experienced online journalist, editor, and translator, with a career spanning over ten years writing for major a English-language website in Serbia, and previously working as translator for international organizations and peacekeepers in the Balkans. Rankovic is passionate about free and open source tech and is a head contributor for Reclaim The Net, focusing on lead stories. [email protected]