I have been advising various clients about the impending "Cookie Law" that is coming into force on the 26th May. What has become clear is that there is no "one size fits all" method that can cover this policy.
Cookie usage for the many sites we manage seems to fall into two categories: Analytics and Site Functionality. The law seemed to be fairly clear cut, i.e. you must ask users to opt into your cookies, unless they are needed for the running of eCommerce or similar functionality. However having read this interview on eConsultancy, it appears that the enforcement of this ruling will be dealt with on an exception basis.
Noteably social networking sites such as Facebook, Twitter and Google are all excluded from the ruling.
It is also worth noting that analytics data is key to the running of many sites, it helps site owners shape the content, monitor performance and improve the user experience. Analytics data doesn't hold the means to link back to the visitor, no personal data is held. And Dave Jones mentions in the eConsultancy interview that: "Just because analytics cookies are caught by this law doesn’t mean a strict opt-in is necessary. It could, in some cases, be seen as an essential part of the relationship."
Our advice is as follows:
1, Do a cookie audit, check what cookies your site uses, and what data they hold. Document all cookies used on your site, and identify any that may fall inside the ICOs guidelines.