GDPR Cookie Compliance

January 2018

The current legal requirements for website cookies and similar technologies stem from the Privacy and Electronic Communications (EC Directive) Regulations 2003 and, as of 25 May 2018, from the European General Data Protection Regulation 2016 (known more commonly as simply, the “GDPR”).

Online privacy is constantly increasing in importance as more and more data becomes commodified. A lot of this data may not even be immediately recognisable as “personal data”, yet even anonymous identifiers that appear to be little more than combinations of numbers at first glance, can be relatively easily combined with other data and used to identify people. Indeed, the GDPR recognises this and increases an already generous list of what qualifies as “personal data”.

Cookies are among those facts of internet life which may not, in many cases, appear to contain personal data, but the GDPR’s new, wider definition of the term makes it much more likely that they will now be considered to.

Central to the GDPR are the related issues of transparency and control. It is vital that users are kept informed of how their data is used, and that they are given control over that data and your use of it. Consent, therefore, when it comes to using cookies, has never been more important.

Updated Cookie Law Guidance Notes

Our Cookie Law Guidance Notes have been updated to reflect this changing privacy landscape. Significantly increased emphasis has been placed on the obtaining of explicit consent to the use of all but “strictly necessary” cookies (that is, those without which your website couldn’t function), and the practical guidance on how to provide information and control to your users has been changed accordingly.

Limited insights are also provided from the forthcoming “ePrivacy Regulation”, another piece of EU privacy legislation that is (or perhaps “was”) planned to come into force on 25 May alongside the GDPR. At the present time, the legislation is still in draft form, working its way through the EU legislative process and is not expected to be finished on time. Even from the draft, however, some useful information can provide a clearer picture of how so-called “cookie law” is likely to take shape in the near future. Please note, however, that these are insights only and subject to change. Our current guidance and suggestions are based only on the current law and the GDPR.

Updated Cookie Policy

Our Cookie Policy template has also been updated in line with the changes that the GDPR will bring to this area of legal compliance. New options for cookie controls have been included in the text, and thus new mechanisms by which users are to “accept” the cookie policy itself. Increased detail (by way of new sections that mirror our recently-updated Privacy Policy Templates) has also been added with respect to the various types of cookies used by the website.

The contents of this Newsletter are for reference purposes only and do not constitute legal advice. Independent legal advice should be sought in relation to any specific legal matter.

Top