Batch of the day - Guidance about the use of cookies on UK websites v0.2 - Flipbook - Page 6
06
07
Greater than the crumb of its parts
Consent
‘Cookie law’
This means the same in cookie law as it does in the UK GDPR: “any freely given, specific, informed and unambiguous indication of the data
In the UK, the Privacy and Electronic Communications Regulations (PECR) sits alongside the UK GDPR to give individuals specific additional
to him or her."
subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating
privacy rights. There are specific rules on (amongst other things) cookies (and similar technologies). It is these rules which are referred to in this
This means that the user must be able to control the use of cookies and that:
guidance as ‘cookie law’.
Consent requires clear and positive action in order to be valid
In summary, cookie law means that you must tell individuals if you are using cookies and, if so, provide clear and comprehensive information that:
Implied consent will not be valid
Non-essential cookies should not be pre-enabled (enabling a non-essential cookie without the user taking a positive action before it is set
Identifies the cookies; and
on their device is not valid consent - by doing this, the website operator is taking the choice away from the user).
States the purposes for which it is intended to use them; and
Sets out how long they will last for on a device (their duration)
In practice, this means that on websites, none of the following statements will comply with cookie law:
In addition, cookie law says that you must obtain a user’s consent to use any cookies that are not ‘strictly necessary’.
Strictly necessary cookies
A cookie is strictly necessary if it is essential (rather than reasonably necessary), to provide
a service requested by a user, to ensure security, or to comply with data protection law. It
does not cover what might be essential for any other uses that the organisation setting the
cookie might wish to make of that data.
This means that the strictly necessary exemption has a narrow application, and that
advertising and analytics cookies are not ‘strictly necessary’ and so do not fall outside the
cookie consent rules. Whilst such cookies may be considered crucial from an advertising
and marketing point of view, they are not ‘strictly necessary’ from the point of view of a user.
By continuing to use this website you are agreeing to cookies
We’ve placed cookies on your device to help to improve your experience’. By continuing to use the site you consent to this.
We use cookies to give you the best online experience. By accessing this website, you give your consent to our use of cookies.
We use cookies to improve and personalise your experience. By continuing to use the site, you agree to our use of cookies.
Furthermore, users can withdraw their consent at any time. This means that:
Any consent mechanism must have the technical capability to allow users to withdraw their consent with the same ease that they gave it.
Information must be provided about how consent can be withdrawn and how cookies that have already been set can be removed (in your
consent mechanism or within your privacy or cookie policies).
The consequences of withdrawing that consent should be made clear, e.g., by explaining the impact on the functionality of the website.