
What are cookies?

Cookies are small files which are stored on your browser or the hard drive of your computer and allow a website to recognise users and store information about those users’ preferences and behaviours.
Cookies are most frequently used to:

  • optimise the efficiency of a website;
  • collect details about visitors to a website;
  • track movements around a website; and
  • analyse visitor trends.

Cookies can be used to collect a variety of information and will have differing lifespans. Some cookies will be automatically deleted as soon as a session ends, whereas others will remain on the user’s device for subsequent visits to the website. The lifespan will generally reflect the type of information being collected and the intended use of the particular cookie.

What are the EU/UK requirements on cookies?

Following the introduction of the GDPR in the EU and later as implemented into UK law, the Privacy and Electronic Communications Regulations (PECR) were updated to adopt the GDPR rules of consent. The rules and requirements around the use and collection of cookies have therefore changed. For a general overview of the GDPR please see our related Quick Guides and booklet on this subject.

Where cookies are used, the website host/owner must meet certain requirements:

Providing Information: Website owners/hosts are required to provide clear and comprehensive information about the cookies used on a website. This should include information about any third parties which host cookies on their websites; any transfers to third parties; and the owner/host’s use of the data collected by the website.

The easiest way to provide this information is through a Cookie Policy linked to the website’s Privacy Policy.

Consent: Under PECR and GDPR, a business must obtain the consent of an individual before collecting and processing their personal data. Consent will only be valid if it involves a clear positive action in which the user specifically, freely and knowingly indicates their consent (e.g. checking a box). It will not be valid if the information is hard to find, difficult to understand, or rarely read.

This does not need to be repeated each time a person visits your website but will need to be repeated where the cookies or the way you use them changes. You should also consider whether it is appropriate to repeat the requirements at different intervals to ensure transparency.

When do GDPR and PECR apply?

The above requirements are compulsory for all businesses which:

  • are based in the UK or EU;
  • provide services to customers based inside the UK and EU; and/or
  • place cookies on the hard drive of an individual based in the UK or EU.

It is therefore important that you are providing full and transparent information to any customers or users of your website, if it is used by any individuals based in the UK.

How to ensure your business complies with its cookie obligations

The best way to ensure compliance is through a Cookie Policy and a roll-down notification statement that appears when users first access the website.

A Cookie Policy must be noted prior to full use of the website and should include the following information:

  • The type of information collected through cookies.
  • How long information will be held.
  • Whether any information will be shared with third parties.
  • Whether any information will be transferred out of the EEA.
  • The purpose of each type of cookie and why it is being used.
  • How to opt out of the use of cookies (including confirmation of how this may impact on the user experience of the website).

The ICO recommend that businesses undertake regular cookie audits to identify the cookies which are used by the website and the characteristics of each cookie.

How we can help

Oury Clark can review your current policies and provide advice on updates and implementation in order to ensure that you are compliant with GDPR and PECR. We can also provide advice on the process needed to conduct a cookie audit.

The UK Government is currently in a consultation period which looks to adjust the UK implementation of the GDPR, and it is anticipated that the rules around cookies will change. We can provide advice on anticipated or actual updates which you may need to take into consideration.

If you require any further information or assistance about your obligations in connection with cookies or data protection more generally then please contact: contact@ouryclark.com


Copyright © 2013 - Oury Clark.

Oury Clark is authorised and regulated by the Financial Conduct Authority and is entered on the Financial Services Register under reference 100556.