Stay Legal UK

Orange background, blue icon representing a cookie policy

A cookie is a ‘text file’ which usually contains two pieces of information, a site name and unique user identification. When a user visits a site that uses cookies for the first time, a cookie is downloaded to the device. The next time that site is visited the device sends that information back to the site.  The site then knows that the user has been there before, which can assist it to tailor the on-screen pop ups for the user. Some cookies are more sophisticated and might, record time spent on a page, the links clicked, page layout preferences and colour schemes. Some can also store data on what is in the users ‘shopping cart’. They are also commonly used to target advertise at a user based on their browsing history.

The use of cookies and similar technologies is currently regulated through the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PEC Regulations). Regulation 6 states that ‘website operators cannot store information or gain access to information stored in the terminal equipment of a user unless the user is provided with clear and comprehensive information about the purpose of such storage or access and has consented to it’. Regulation 6 does not apply to cookies which are necessary to provide an online service requested by the user.

When user consent is required under the PEC Regulations for the use of cookies, the consent must fulfil the validity criteria founded under the General Data Protection Regulations (GDPR). Article 4 states that it must be a freely given, specific, informed, and unambiguous indication of the data subjects wishes by which he or she by statement or by a clear affirmative action signifies agreement. This means that a procedure must be applied to enable users to positively and unambiguously indicate that they consent to the use of cookies. This can be done with the use of an unchecked tick box. Implying consent from continued use or browsing of a website is not permitted. Using pre-ticked boxes or sliders already set to ‘on’, ‘accept’ or similar is also not permitted. The information describing cookies and their uses must be available to users before consent is gained to ensure that the consent is ‘informed’. This is usually done with a cookies’ notice. If third parties are used, the information must provide users with the names of those third parties.

Article 7 of the GDPR states additional requirements that apply to the consent. These are:

  • Consent requests must be accessible and in clear and plain language.
  • Consent requests cannot be ‘bundled’ for instance, into the term and conditions.
  • Users should be able to withdraw their consent to non-essential cookies at any time.
  • Consent is demonstrable, it can be evidenced.

A Lawdit Stay Legal package includes all the documents your website needs, tailored to its needs. This includes a cookie notice, intellectual property notice, privacy policy and terms and conditions. A Stay Legal Package will take the stress out of legal compliance.

Stay legal logo large

More From Stay Legal

Share this with your network
Share on linkedin
Share on twitter
Share on facebook
Share on email
Share on whatsapp