![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
The ICO published updated cookie guidance on 13 December, together with a press release telling website operators that they “must try harder” on compliance. The guidance is designed to assist organisations to comply with amendments to the UK's e-Privacy Regulations, which require visitors' consent to the serving of or access to website cookies.
While the guidance indicates that user consent should normally be sought before a cookie has been dropped, the ICO indicates it will take a sympathetic line with website operators where the time period between dropping a cookie and obtaining consent is short. The guidance also acknowledges the possibility of an "implied consent" route to compliance—as long as website operators are sufficiently transparent in their use of cookies and visitors' actions are truly indicative of their acceptance of cookies. The guidance also provides useful information on cookies that are "strictly necessary" and therefore exempt from the consent requirements—in this instance clarifying that cookies dropped for security purposes, to maintain online shopping baskets and to facilitate efficient page loading do not require consent.
