The current legal requirements for website cookies and similar technologies
stem from the Privacy and Electronic Communications (EC Directive)
Regulations 2003 and, as of 25 May 2018, from the European General Data
Protection Regulation 2016 (known more commonly as simply, the “GDPR”).
Online privacy is constantly increasing in importance as more and more data
becomes commodified. A lot of this data may not even be immediately
recognisable as “personal data”, yet even anonymous identifiers that appear
to be little more than combinations of numbers at first glance, can be
relatively easily combined with other data and used to identify people.
Indeed, the GDPR recognises this and increases an already generous list of
what qualifies as “personal data”.
Cookies are among those facts of internet life which may not, in many
cases, appear to contain personal data, but the GDPR’s new, wider
definition of the term makes it much more likely that they will now be
Central to the GDPR are the related issues of transparency and control. It
is vital that users are kept informed of how their data is used, and that
they are given control over that data and your use of it. Consent,
therefore, when it comes to using cookies, has never been more important.
Updated Cookie Law Guidance Notes
Our Cookie Law Guidance Notes have been updated to reflect this changing
privacy landscape. Significantly increased emphasis has been placed on the
obtaining of explicit consent to the use of all but “strictly necessary”
cookies (that is, those without which your website couldn’t function), and
the practical guidance on how to provide information and control to your
users has been changed accordingly.
Limited insights are also provided from the forthcoming “ePrivacy
Regulation”, another piece of EU privacy legislation that is (or perhaps
“was”) planned to come into force on 25 May alongside the GDPR. At the
present time, the legislation is still in draft form, working its way
through the EU legislative process and is not expected to be finished on
time. Even from the draft, however, some useful information can provide a
clearer picture of how so-called “cookie law” is likely to take shape in
the near future. Please note, however, that these are insights only and
subject to change. Our current guidance and suggestions are based only on
the current law and the GDPR.
that the GDPR will bring to this area of legal compliance. New options for
cookie controls have been included in the text, and thus new mechanisms by
Templates) has also been added with respect to the various types of cookies
used by the website.
The contents of this Newsletter are for reference purposes only and do not constitute
legal advice. Independent legal advice should be sought in relation to any specific