Cookie Law

29 March 2013

A “cookie” is a piece of data stored by a website which is then used to keep records of individuals' internet browsing histories.  There are many different types of cookies, however, simply put they allow a web provider to store information on your machine.  This information allows the website provider to compile a database of pages you have used and information you have given to the site, which helps the website provider to understand what interests each individual user that visits their site.  Cookies might be used for example to record a particular item in your shopping basket before you check out or to count the number of people visiting a particular website. 

On 26th May 2011 the Privacy & Electronic Communications Regulations came into force in the UK to address a new EU directive.  The directive demanded that businesses and organisations, who operate websites in the UK, gain consent from any visitor to their website in order to store “cookies” on the individuals' computer. 

It was inevitable that the law would seek to introduce privacy legislation requiring websites to obtain consent from visitors to store or retrieve information on a computer or other web connected device.  Many argued that online privacy of customers had to be protected by making individuals aware of how information about them is collected and essentially enabling them to decide whether or not they want this to happen.

Many businesses throughout the UK may be unaware that the law is already in effect however, there was a one year grace period before enforcement began which expires on 26th May 2012.  One likely practice which will come into place over the coming months is that you will start to see more information about “cookies” on websites and be given a choice as to whether or not you participate in their use.  Organisations will have to provide clear information about “cookies”, however, simply put website providers will be expected to provide users with a general level of understanding about what is likely to happen on the pages they use.  The Regulations so as far as requiring that any user consent to the use of personal data relating to them being processed.  As such, some website providers have began to introduce an icon button which will allow the web user to click and essentially subscribe to the use of “cookies”.  Whilst this may not be applicable for every website the overriding consideration is to ensure that any individual who visits a particular site fully understands what they will be giving their consent to.

It is essential that all website providers start work on complying with the new Regulations and should perhaps initially consider what type of “cookies” and similar technologies they use on their website.  Website providers should then consider how intrusive different types of cookies are in order to ascertain what solution is required to comply with the Regulations.  It is evident that the more intrusive the particular “cookie” the more will need to be done to gain specific consent from the user.  At the very least website providers should begin by providing efficiently detailed and user friendly text which allows any user to understand the potential consequences of consenting to the use of “cookies” if they wish to do so. 

The above article is not legal advice, it is intended to provide information of general interest only. 

Should you require any information in relation to the issues raised in this article please contact Christopher Ahearne on 01245 228130 or email