Understanding legal landscape around internet cookies is vital for businesses: David Hendry

The relevant laws governing cookies are dispersed across the Privacy and Electronic Communications Regulations (PECR) and the UK General Data Protection Regulation (UK GDPR). Specifically, Regulation 6 of PECR outlines the requirements for gaining access to information stored on a user's device, such as obtaining clear and comprehensive consent and providing information about the purposes of storing or accessing that information.

Essentially, organisations need to inform users about the types of cookies they use and the purposes for using them. The way this information is conveyed may differ, but it should be easily understandable and accessible. This information is commonly provided in privacy policies or distinct cookie policies.

The second part of Regulation 6, emphasises the need for organisations to secure user consent before placing cookies on their devices. Consent, as defined in PECR and mirrored in the UK GDPR, plays a pivotal role in ensuring users are aware of and agree to the storage or access of information through cookies.

Navigating the legalities of cookie usage can be complex, but it's a vital task for businesses in the digital realm. While there is no one-size-fits-all approach to informing users, clarity and accessibility are key. Whether it's a detailed privacy policy or a dedicated cookie policy, organisations must ensure that users can easily find and understand the information provided.

However, the cookie landscape does have its exemptions. There is one exemption, Regulation 6, Paragraph 4, that outlines scenarios where obtaining user consent may not be necessary. This includes the technical storage of information for the sole purpose of transmitting electronic communications or when such storage is strictly necessary for providing an information society service requested by the user. These exemptions apply to what are commonly referred to as 'essential cookies,' integral to the smooth functioning of a website.

Examples of essential cookies include those used to remember items in a shopping basket or session cookies that enhance the security of online services, such as those offered by online banking platforms. However, it's essential to note that not all cookies fall under the essential category.

Popular tools like Google Analytics, while valuable for website analytics, do not qualify as essential, necessitating the attainment of user consent before their placement.

The use of cookies in line with PECR can be overwhelming and businesses need to determine which aspects of the regulation apply to their marketing activities. In the ever-evolving digital landscape, staying informed about the legalities surrounding cookies is not just a regulatory obligation but a commitment to building trust with users.

As businesses strive to strike the right balance between providing a seamless online experience and respecting user privacy, a comprehensive understanding of cookie regulations is indispensable.

By navigating the sweet and sticky world of cookies with transparency and compliance, businesses can build a foundation of trust in the digital realm.

David Hendry is Director at Data Protection People