I’m not sure where to post this, as there are two issues here, but I’ll start in B&L as that’s the basic question.
I have a client using Google Analytics, and as I understand it, EU cookie law says they have to advise visitors that the site is using cookies and offer them the opportunity to opt out. I’ve been using this script to do that. It also adds a privacy tab to the site, which allows visitors to change their preferences at any time - also a requirement, I believe. The client wants the tab removed, because “she’s been told” she doesn’t need it.
So, first question (definitely B&L): is it necessary to provide an option to change settings or not?
Second question (not really B&L): can anybody suggest an alternative script or method which would keep the client happy? She probably wouldn’t object (too much) to a simple link in the footer, but there’s no provision for that with this script. (Writing my own really isn’t an option. ;))
The law states that users must me notified about 3rd-party cookies, what these cookies do, and there must be a way for the user to give consent to accept cookies. I don’t recall seeing anything about providing a way for users to change their preference about consenting. But–I can’t say that I’ve looked at it too closely since I’m not in the EU.
Hmm…maybe I just imagined it, because most (if not all) other sites I’ve noticed do seem to have a line in their cookie policy to the effect that you can change your preferences at any time.
Note that the ICO recently backtracked from not initially setting cookies to implied consent (and seTting cookies). If you visit their site they have a static banner that tells you they have used cookies, that then links to a standard cookies info page with the usual blurb that no-one reads and a button for disabling them.
Yep - and a link in the footer to let you return and change your preferences at a later date. But as Force Flow says, there doesn’t seem to be anything specifically stating that is a requirement.
That would be fine - if I could work out how to do it. I’m tired, I’ve had a couple of bad days and I need a holiday. Fortunately, I’m going on holiday tomorrow. I’ll take another look when I get back.
The whole directive has always been open to interpretation and there have never been and hard and fast do’s and don’ts published for guidance.
From what I can tell if you take reasonable step to provide basic cookie info, plus any options to change prefs (if you want to offer them) then that suffices. The ICO only seems interested in chasing sites that have done bothing.
It also adds a privacy tab to the site, which allows visitors to change their preferences at any time - also a requirement, I believe.
I’ve never heard of that requirementg. In this case, I think your client may well be right.
Note that the ICO recently backtracked from not initially setting cookies to implied consent
Bluedreamer, you refer to the ICO. Do you mean the (UK) Information Commissioner’s Office? If so, keep in mind that their policies and interpretations only apply in the UK. The cookie law is EU-wide, and how the ICO enforce and interpret it does not necessarily apply generally.
I’m tired, I’ve had a couple of bad days and I need a holiday. Fortunately, I’m going on holiday tomorrow. 
I’ll take another look when I get back.