GDPR protects personal information about individuals and gives the individual rights to control how their data is used. Among other things, PECR relates to how organisations can make electronic communications, including sending marketing emails or text messages or tailored online advertising. Both pieces of legislation are regulated by the Information Commissioner’s Office, and requires organisations to inform individuals how their data is used.
What is a cookie?
A cookie is a small text file that is downloaded onto ‘terminal equipment’ (e.g. a computer or smartphone) when the user accesses a website. It allows the website to recognise that the user’s device and store some information about the user’s preferences or past actions. The rules apply to “non-essential” Cookies, which include advertising cookies or those set by third parties. There are exceptions to the legislative requirements, for example for cookies that are essential to provide an online service at someone’s request. These types of Cookies are called session cookies and must be “strictly necessary” where a cookie is either necessary for technical purposes to allow communication to take place, or to provide a service the user has requested. Usual examples of “essential” cookies are those used to help users remember what’s in their online basket, or to ensure security in online banking, or a security cookie for a requested service.
What are organisations required to do?
detailing information about the purposes of the cookies that are being used on a website;
explaining what the cookies are doing and why; and
getting the individual’s consent to store a Cookie on their device
What is consent?
ICOs guidance helps organisations change their behaviour from previously non-compliant reliance on implied consent, where individuals had to “opt-out” of their use. The regulations both require that consent must be actively and clearly given. This may mean that the individual signs up for a mailing list or ticks a box agreeing to have their information used in a particular way. The organisation must make it clear exactly what purpose the information will be used for (for example being added to a mailing list or shared with third parties) as giving the individual control over how they will receive any communications (e.g. text and SMS) if consent is given to receive communications. Information about consent must be made clear and easily accessible – so hiding a Cookies statement at the end of a Privacy Notice may not be sufficient unless a link to the appropriate section is given.
LawBite is delighted to announce that we’ve been shortlisted for Best Legal Team at the UKBAA Angel Investment Awards 2019! This Award recognises t...
LawBite can help you
LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.
Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.