The English regulatory authority ICO has its Guidelines on cookies and similar technologies updated at the beginning of July 2019. From the perspective of the ICO applies, among other things:
- Consents cannot be obtained in terms of use of websites and privacy statements, but must be given separately:
Consent must be separate from other matters and cannot be bundled into terms and conditions or privacy notices. The key point is that you should be upfront with your users about your use of cookies. You should obtain consent by giving the user specific separate information about what they are being asked to agree to and providing them with a way to accept by means of a positive action to opt-in.
- Consents may not be voluntary for cookie walls, but a case-by-case assessment is required:
The key is that individuals are provided with a genuine free choice; consent should not be bundled up as a condition of the service unless it is necessary for that service.
- the use of default settings does not imply consent:
Enabling a non-essential cookie without the user taking a positive action before it is set on their device does not represent valid consent. By doing this, you are taking the choice away from the user.