By following this guide, you can gain a better understanding of what cookies are, and whether or not your website is compliant in its use of them. If you have any questions that aren’t answered below, please get in touch.

Cookies, and how to deal with them, are a common talking point in many industries. Organisations are often unsure how to comply with the varying regulations whilst still gathering the user information they need to continue as a business. You can use this top tips guide to help you make an informed decision about whether or not you are adhering to current laws within the UK.

Cookies are just simple text files that contain two pieces of information: a site name and a unique user ID. For example, when you visit a site that uses cookies for the first time, a cookie is downloaded onto your device. The next time you visit that site, your computer checks to see if it has a cookie that is relevant (that is, one containing the site name) and sends the information contained in that cookie back to the site. The site then ‘knows’ that you have been there before and, in some cases, tailors what pops up on screen to take account of that fact. This can be helpful for varying content according to whether this is your first-ever visit to a site or you visit a particular site a lot.

Within the UK, the current regulation around cookies and similar technologies is the Privacy and Electronic Communications Regulations, often known as PECR. The rules around cookies are detailed in Regulation 6.

You may have also heard people talk about the ePrivacy Directive or the EU Cookie Law. This Directive relates to individuals who reside within the EU and is designed to protect online privacy. It is important that, if you track cookies of UK and EU residents, you adhere to both pieces of legislation.

If you own a website, you will need to make sure it complies with the law, and this usually means making some changes. If you don’t comply, you risk enforcement action from regulators, which in the UK means the Information Commissioner’s Office (ICO). In exceptional cases, this can mean a fine. However, non-compliance could also have other, perhaps more serious, consequences than enforcement. There is plenty of evidence that consumers avoid engaging with websites where they believe their privacy is at risk, and there is a generally low level of trust about web tracking by the use of cookies.

Compliance with regulation comes down to three basic steps:

  • Work out what cookies your website sets, and what they are used for.
  • Tell your website visitors how you use cookies.
  • Obtain their consent, and give them real control over the use of cookies.

You are allowed to use some cookies without consent, specifically those that are necessary to operate your website. For further information, have a look at the guidance from the ICO.

The easiest way to ensure that your website is compliant is to implement a third-party cookie banner, which will allow you to gain consent from the individual visiting your website. These are often inexpensive, and provide your website user with a clear explanation of the cookies you may place on their device, with and without their consent. The cookie banner needs to be clear and, most importantly, the user needs to take a positive action for you to gain their consent, e.g. ticking a box. The user must be able to understand that they are giving their consent for cookies to be stored on their device.

You should also provide the user with a cookie notice that explains the different cookies you use on your website. The notice should be clear and easy to understand, and it should cover all cookies.

  • Do the ICO’s cookie audit.
  • Understand what cookies you are running on your website.
  • Implement a cookie banner that ensures you gain consent in the correct manner.
  • Write your cookie notice.

If you have any other questions or concerns, get in touch with us. We can support you with our website compliance services, which include implementing the well-known cookie banner, CookieScan™.