I respectfully submit that Ipstenu is misinterpreting the definition, which has a VERY narrow meaning.
That section continues (and I've thrown some bold in, to help):
In defining an 'information society service' the Electronic Commerce (EC Directive) Regulations 2002 refer to 'any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service'.
The term 'strictly necessary' means that such storage of or access to information should be essential, rather than reasonably necessary, for this exemption to apply. However, it will also be restricted to what is essential to provide the service requested by the user, rather than what might be essential for any other uses the service provider might wish to make of that data. It will also include what is required to comply with any other legislation the person using the cookie might be subject to, for example, the security requirements of the seventh data protection principle.
Where the setting of a cookie is deemed 'important' rather than 'strictly necessary', those collecting the information are still obliged to provide information about the device to the potential service recipient and obtain consent.
This exception is likely to apply, for example, to a cookie used to ensure that when a user of a site has chosen the goods they wish to buy and clicks the ‘add to basket’ or ‘proceed to checkout’ button, the site ‘remembers’ what they chose on a previous page. This cookie is strictly necessary to provide the service the user requests (taking the purchase they want to make to the checkout) and so the exception would apply and no consent would be required.
The Information Commissioner is aware that there has been discussion in Europe about the scope of this exception. The argument has been made in some areas that cookies that are used for resource planning, capacity planning and the operation of the website, for example, could come within the scope of the exemption. The difficulty with this argument is that it could equally be made for advertising and marketing cookies (whose activities help to fund websites). The intention of the legislation was clearly that this exemption is a narrow one and the Commissioner intends to continue to take the approach he has outlined clearly in published guidance since the 2003 Regulations were introduced.
Activities likely to fall within the exception
- A cookie used to remember the goods a user wishes to buy when they proceed to the checkout or add goods to their shopping basket
- Certain cookies providing security that is essential to comply with the security requirements of the seventh data protection principle for an activity the user has requested – for example in connection with online banking services
- Some cookies help ensure that the content of your page loads quickly and effectively by distributing the workload across numerous computers.
Activities unlikely to fall within the exception
- Cookies used for analytical purposes to count the number of unique visits to a website for example
- First and third party advertising cookies
- Cookies used to recognise a user when they return to a website so that the greeting they receive can be tailored