What do we need to do to comply?
The rules on cookies are in regulation 6. The basic rule is that you must:
- tell people the cookies are there;
- explain what the cookies are doing and why; and
- get the person’s consent to store a cookie on their device.
As long as you do this the first time you set cookies, you do not have to repeat it every time the same person visits your website. However, bear in mind that devices may be used by different people. If there is likely to be more than one user, you may want to consider repeating this process at suitable intervals.
The ICO goes on to say:
What information must we give users?
PECR do not set out exactly what information you must provide or how to provide it – this is up to you. The only requirement is that it must be “clear and comprehensive” information about your purposes. You must explain the way the cookies (or other similar technologies) work and what you use them for, and the explanation must be clear and easily available. Users must be able to understand the potential consequences of allowing the cookies. You may need to make sure the language and level of detail are appropriate for your intended audience.
This is similar to the transparency requirements of the first data protection principle (privacy notices).
If you ask a website owner why they have a pop-up message about cookies, most will say “I thought you had to”. As there are so many websites doing it, many just assume that you have to and so it goes on.
If you have any questions or comments, write a comment below and I will get back to you as quickly as possible. For more digital marketing advice, sign up to our newsletter.