It is woefully confusing though because it doesn't tell you what happens if you don't tick the box and continue to use the website, the privacy policy explains all the cookies in detail, even giving you links to privacy policies of third parties, but it doesn't let you selectively block cookies - only accept the cookies.

In other words, the website of the body that is supposed to be showing people how to make the use of cookies more transparent for users is actually proving how impossible it is to do that.

The trouble we are going to have now with privacy is that the browser vendors are simply going to put the stats into their browser id. You have already ticked the box to say that you don't mind this. They already have your unique product key. They already know who you are.

We all get drawn into this.

Storing information on the terminal has security issues. Hmm. Not particularly interested.

I look at this and I see only a couple of things that are required by advertisers, businesses, etc, but might not be wanted by the end user:

1) The ability to identify the session
2) The ability to identify the computer (i.e. the returing session)

These are the two core things that are important to GA I think.

Anything other than this should be illegal as far as general browsing goes. I can't see why the lawmakers can't define it simple rather that waffling with rubbish about storing things on terminals.

Therefore it is the business, not Google, that issues the cookie from its own domain, the data cannot be altered or retrieved by any service on another domain.

No personally identifiable information is captured (to attempt to do so would be in breach of GA's terms of service). The information stored on the terminal is available to view by the business and the end user alike - a recent one I picked up looks like this:

71233416.1306161650.5.3.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ico%20clarification%20on%20privacy%20guidelines

It tracks nothing about me personally, in this instance it just shows how I arrived at the ICO website - google, that it was organic (not paid) search and what specific search term I used to get there.

My browser already lets me delete this or can even block my machine from accepting it in the first place, again at browser level.

Google Analytics does not store information the business does not have access to - the only information it captures that it does not let the business see is the visitor's IP address. This provides a degree of regional context to the reporting, but is anonymised by Google. This is the only piece of "hidden" information and as a GA user, I have no desire or need to see it. IP can even be anonymised directly in markets or by businesses that require it, meaning Google doesn't hold the data either.

I think there is a lot of fear about the wrong thing here - on a scale of cookies, GA is about as benign as you get. Given that this ruling came into to tackle suspect 3rd cookies exploited by behavioural targeters and cookie exchanges, I find it frustrating that the focus settles on an above board 1st party cookie that was never the target of the legislation - but simply got fudged into the guidelines.

Most of the privacy controls Nick mentions already exist at a browser and user access control level. I am really not sure an individual online business should be expected to police a families web usage via cookies - surely this kind of control should be managed by the family at the device and browser level?

Traditionally however it is the overall responsibility of the publisher to ensure that all the components of the communication channel meet the necessary criteria.

So there we see another obvious point of non-compliance from the ICO. They use Twitter to publish information, and when I go to their Twitter pages I do not get asked anything about Cookies. So, going by their example on their own website (where they take responsibility for asking the question regarding Analytics) they either need to discontinue their use of Twitter or to ensure that their Twitter pages ask the question when I visit them.