This article on Cookies Policy is Part 1 of a series of articles on all things tech related. Our Trainee Solicitor, Nick Goodchild, will bring his expertise to the table from a commercial point of view whereas, Partner, Nick Parkinson will be looking at things from a litigation perspective. Together, they are Tech-Nicks!
To get the ball rolling, our Trainee Solicitor, Nick Goodchild, examines the importance of the Cookies Policy. Cookies are part of virtually every website, but it can be confusing to understand what they do and the law that governs them. Luckily, our Tech-Nicks are here to break it down in simple terms.
What are Cookies?
Cookies are small computer files which are downloaded to your computer or smartphone when you visit a website. They are used to recognise your device and store information about your preferences and previous actions on the website.
What Regulations Apply?
Cookies are subject to the Privacy and Electronic Communications Regulations 2003 (PECR), and, where the cookies can identify an individual, they are also considered personal data subject to UK General Data Protection Regulation (GDPR).
What Are Our Legal Obligations?
PECR requires website operators to:
- inform users that cookies are being set on their device;
- provide clear, comprehensive information about what the cookies are doing and why; and
- get the user’s consent before setting the cookie.
The consent must be properly informed, freely given, and involve a positive action – such as clicking a box marked ‘accept’. Passive consent (doing nothing) is not enough.
An exemption to this rule is that website operators may set cookies without consent if they are ‘strictly necessary’ for the functioning of the website. But comprehensive information about these must still be given to the user.
What does this mean in practice?
In practical terms, this means that if your website is setting cookies on a user’s device, you should provide a list of all the cookies, and their functions, and give the user an easy way to consent to, or reject, the cookies being set on their device.
Frequently this takes the form of a ‘cookie banner’ or information box, which appears on the screen when the user first visits the website, along with a button to signify consent. Many will allow the user to toggle the cookies on or off, while specifying that ‘strictly necessary’ cookies are always on. Once the user has made their choice, the website should adhere to it.
In the background, it is important that no non-essential cookies are set on the user’s device without consent – this means that, if the user does not click to accept, the non-essential cookies should not be set automatically.
Looking ahead, in Part 2 of our series of ‘Tech-Nicks’ articles, we will be looking at Cookies from a complaints and litigation perspective. In other words, the consequences of ‘Getting Cookies Wrong’!
This article was originally published on: 30 October 2023