They put out very late, confusing guidance and finally (the day before the rules came into force) decided to give a year’s grace period in enforcing the new rules.
1. check what type of cookies and similar technologies are used and how on your web-site;
2. assess how intrusive your use is; and
3. decide what solution to use to best obtain consent.
The guidance then goes on to flesh out what this means in different scenarios, but contrary to expectations rules out the use of browser settings as a general solution.
However, as commentators have noted, this guidance is far too close to the implementation deadline to be of much practical assistance to website owners – this should have been published well in advance and its lateness will significantly increase compliance costs.
On 25 May the Information Commissioner published enforcement guidelines. This (to put it mildly) didn’t give businesses much time to react. It seems to have be published partly in reaction to the public outcry following ICO’s prior late guidance and gives companies a year’s grace period to comply with the (still unclear) new rules.