I've been reviewing the ICO's guidance on cookies and am a little concerned that we aren't getting a visitor's consent actively:
"You must tell people if you set cookies, and clearly explain what the cookies do and why. You must also get the user’s consent. Consent must be actively and clearly given."
Most websites are getting consent actively by requiring the user to accept a pop-up banner before they can browse the site. Is there a way to accomplish this please?
Lots of sites do have popups asking for cookie consent, but these are not always necessary. It's my belief that this is not necessary for Voice sites.
Getting active consent with a popup for saving cookies is not required for cookies that are essential for the functionality of a site. See the "Are there any exemptions?" section of the link you shared.
Voice itself only sets cookies when you log in, and this is essential. We need to store the logged in user details.
As well as being essential for the login to work, even if you then take the view that we still need to get consent, you could reasonably argue that the act of logging in is in itself giving consent to set a cookie.
There is one grey area here though.
We do use Google Analytics on the site, which does set cookies, and is not essential to the functionality of the site. These are completely anonymised and do not store any personal information.
I've enabled the "anonymise IP" setting in the analytics code, and we don't use any of their advertising features. Google's guidelines say that in this case we do not need to get user consent to set the cookies.
Thus, assuming that google's guidelines are correct, then adding a cookie popup is unnecessary.
(And, adding one would be annoying for visitors, of course!)
Joe - Voice Admin