Totally agree, it has not been properly thought out.
Mostly it not enforcable, the ICO employs around 350 people – even if all of them were checking website compliance they would be swamped.
The ICO are not even sure what compliance is yet, or what it will be in a years time!
Dave Evans, Group Manager for Business & Industry at the Information Commissioner’s Office (ICO), was interviewed in April this year – these are couple of his answers (full interview http://econsultancy.com/uk/blog/9610-q-a-the-ico-s-dave-evans-on-eu-cookie-law-compliance )
Will you come up with a definitive answer on what compliance is?
We don’t know what compliance will look like in a year’s time.
There are lots of gaps here, and we want people to fill them with good practice. We can then point to examples of this and everyone will have a greater understanding of what is required.
We hope that this will pick up over the next month or so.
Will ‘implied consent’ solutions be enough in some cases?
The law does allow us some leeway, and if a company’s revenue would drop if it went for a strict opt-in, then we could look at different ways of educating users and gaining consent.
Just because analytics cookies are caught by this law doesn’t mean a strict opt-in is necessary. It could, in some cases, be seen as an essential part of the relationship.
If it looks like an organisation has put enough information there, and it is clearly visible, such that it wouldn’t be likely that users would miss it, then it’s unlikely we would take that [complaint] further.
This sounds different to the advice given in the guidance document produced by the ICO http://www.ico.gov.uk/news/latest_news/2011/~/media/documents/library/Privacy_and_electronic/Practical_application/guidance_on_the_new_cookies_regulations.ashx
My thoughts, for what they are worth (IANAL):
2. State that “We are working towards a compliant solution for the EU e-privacy directive 2009/136/EN”
3. Providing you are not a big-bussiness, simply wait and see what the ICO says in a couple of months time.
This is what I am advising my small business and hobby/personal site clients to do.