Internet cookies: What you need to know

Why have the rules on internet cookies changed?

The internet cookies law change is the result of implementation of an EU Directive. The new internet cookie laws are contained in Regulation 6 of the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011. 

What do the internet cookies regulations cover?

The regulations cover the use of internet cookies – small files downloaded onto a device when the user accesses certain websites, allowing the website to recognise the user’s device. They also apply to similar technologies for storing information – including locally stored objects (flash cookies). 

What has the internet cookies law changed?

Prior to May 26, 2011, if you used internet cookies to store information, you had to provide clear and comprehensive information to users about your use of internet cookies and give users the right to opt-out. Many websites complied with this rule by including information about internet cookies in a privacy policy. 

From May 26, 2011, internet cookies can only be placed on a user’s equipment if the user has given their consent. The requirement to provide clear and comprehensive information remains in place.  

Does the new rule apply to all internet cookies?

Yes – except for one limited exception. Consent does not need to be given where the internet cookie is “strictly necessary” for a service requested by the user. This is a very narrow exception. For example, it could apply to a internet cookie used to ensure that where a user clicks “proceed to checkout” when purchasing online, the site remembers the items chosen on a previous page.  

The EU Directive on which it is based refers to a service “explicitly requested” by the user and the Information Commissioner, who will enforce these regulations, will bear this in mind in deciding whether or not the regulations have been complied with.  

Also, the requirement to provide information about a internet cookie and obtain consent is only required the first time it is set for a particular user. You do not have to do this again for the same person provided that it is the same internet cookie and is used for the same purpose.

Find out more about what you have to do and when.

Gillian Cordall is an IT, intellectual property and commercial lawyer at Keystone Law.

Share this story

Close
Menu
Send this to a friend