The legal requirements for websites using cookies are set out in the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 . The rules came into force in the UK on 26th May 2011 and, since 26th May 2012, after a one-year grace period, have been enforced by the Information Commissioner’s Office (“ICO”).
Privacy online is of key importance. As internet users become increasingly aware of their rights and increasingly concerned that their data is being commodified without their consent, it is not only important from a legal standpoint that website operators comply with privacy legislation, but from a business one too.
Cookies themselves are relatively innocuous, and for both websites and users alike, a cookie can be a very useful tool. To name but a few uses, cookies are used for storing personalisation settings; keeping users logged into sites; enabling e-commerce shopping baskets and transactions; providing useful targeted advertising; and providing feedback on how users use a website, enabling the operator to make improvements.
All good stuff, right? If done properly, yes. Unfortunately, cookies and similar technologies have earned themselves a bit of a bad rap – particularly those that track user behaviour, however useful they may ultimately be to users. Cookies can be seen as intrusive and as infringing upon users’ privacy. Not only must website operators comply with the law, then, but they must also ensure that users understand and appreciate the role played by cookies in providing them with a positive user experience.
Updated Cookie Law Guidance Notes
First published in 2012, as the ICO began enforcing the Regulations, our Guidance Notes have now been updated, taking into account the realities that have set in over the four years since. Whereas many were initially concerned that complex technical arrangements would be necessary, many of which stood to jeopardise carefully-designed user experiences, the reality has proven to be considerably simpler. Providing clear information to users is unquestionably the priority, while gaining user consent has turned out to be rather simpler than many predicted.
The contents of this Newsletter are for reference purposes only and do not constitute legal advice. Independent legal advice should be sought in relation to any specific legal matter.