Cookies and Privacy
Legislation governs the usage of cookies, including the Privacy and Electronic Communications Regulations 2003 (‘PECR’). If cookie data is not anonymous, then the General Data Protection Regulation (‘GDPR’) and the Data Protection Act 2018 will also apply to the processing of the personal data.
Visitors to the website must have an option to positively and freely accept that cookies will be used. If the user wishes to do so they should be given the option to disable cookies.
The only exemptions to the rules are if either:
- The cookie is for the sole purpose of carrying out a transmission of a communication over an electronic communications network; or
- The cookie is strictly necessary to provide an ‘information society service’, which is to say a service over the internet requested by the user. This will only apply when the cookie is in fact essential to fulfil the request of the user.
You can carry out your own cookie audit, by taking the following steps:
- Identify all cookies which are operating on your website;
- Confirm the purpose or purposes of each cookie; and
- Confirm whether this information is linked to any other information, such as usernames.
As very simple way of checking cookies on a website is by visiting a cookie checker site, such as https://cookiepedia.co.uk and just type in the website address of the website you wish to check.
There are different types of cookies, including first party cookies, third party cookies, session cookies and persistent cookies. Note that the legislation also applies to Flsh Cookies and apps generally.