Cookies are small files which are stored on your browser or the hard drive of your computer and allow a website to recognise users and store information about those users’ preferences and behaviours.
Cookies are most frequently used to:
Cookies can be used to collect a variety of information and will have differing lifespans. Some cookies will be automatically deleted as soon as a session ends, whereas others will remain on the user’s device for subsequent visits to the website. The lifespan will generally reflect the type of information being collected and the intended use of the particular cookie.
Following the introduction of the GDPR in the EU and later as implemented into UK law, the Privacy and Electronic Communications Regulations (PECR) were updated to adopt the GDPR rules of consent. The rules and requirements around the use and collection of cookies have therefore changed. For a general overview of the GDPR please see our related Quick Guides and booklet on this subject.
Where cookies are used, the website host/owner must meet certain requirements:
Providing Information: Website owners/hosts are required to provide clear and comprehensive information about the cookies used on a website. This should include information about any third parties which host cookies on their websites; any transfers to third parties; and the owner/host’s use of the data collected by the website.
Consent: Under PECR and GDPR, a business must obtain the consent of an individual before collecting and processing their personal data. Consent will only be valid if it involves a clear positive action in which the user specifically, freely and knowingly indicates their consent (e.g. checking a box). It will not be valid if the information is hard to find, difficult to understand, or rarely read.
This does not need to be repeated each time a person visits your website but will need to be repeated where the cookies or the way you use them changes. You should also consider whether it is appropriate to repeat the requirements at different intervals to ensure transparency.
The above requirements are compulsory for all businesses which:
It is therefore important that you are providing full and transparent information to any customers or users of your website, if it is used by any individuals based in the UK.
The ICO recommends that businesses undertake regular cookie audits to identify the cookies which are used by the website and the characteristics of each cookie.
Oury Clark can review your current policies and provide advice on updates and implementation in order to ensure that you are compliant with GDPR and PECR. We can also provide advice on the process needed to conduct a cookie audit.
The UK Government is currently undertaking a consultation which looks to adjust the UK implementation of the GDPR, and it is anticipated that the rules around cookies will change. We can provide advice on anticipated or actual updates which you may need to take into consideration.
If you require any further information or assistance about your obligations in connection with cookies or data protection more generally then please contact: firstname.lastname@example.org
Copyright © 2013 - Oury Clark.