"Cookies Law": PECR – e-Privacy Directive Compliance
Does your website comply with the EU Directive?
All UK websites are obliged to offer visitors a mechanism for giving informed consent to the installation of cookies in their browsers before installing them. The opt-out clauses in the privacy policies on most websites will no longer be adequate.
A ‘cookie’ is a small file downloaded to a device when a user accesses a website. Cookies allow a website to recognise a user’s machine throughout their visit and track their activities.
What is the directive about?
Contained in the revised PECR (Privacy and Electronic Communications Regulations) which implements the EU e-Privacy Directive, the ‘Cookies Law’ came into force on 26 May 2011 and all UK organisations were expected to be compliant by 26 May 2012.
The PECR is enforced by the Information Commissioner’s Office (ICO), whose power to levy fines of up to £500k for non-compliance has been extended to cover the PECR regulations.
You can read about the ICO’s approach to enforcing the regulations at http://www.ico.gov.uk/news/current_topics/new_pecr_rules.aspx. Note the explicit statement that the ICO does not "condone organisations taking no action in the period up to May 2012. Organisations should be taking steps to ensure they can properly comply with the revised rules for cookies by May 2012."
All websites install cookies. Cookies are used to track visits, to track purchases from webpages to shopping carts, and by third parties such as Google for analytics and advertising. If you operate a website, it will be installing cookies. You will therefore need to evidence compliance with the new Cookie regulations.
What are the next steps?
The first step to compliance is to perform a ‘Cookie Audit’. This audit should identify:
- all the cookies your site installs
- who owns those cookies, and what their purpose is
- whether or not any of them fall within the definition of ‘strictly necessary’ for the service requested by the user
- how intrusive the cookies are, and
- what steps should be taken to either remove the cookie or obtain the user’s informed consent.
Completion of a cookie audit is the first practical step to determining a strategy for PECR compliance and is also evidence that the organisation is taking appropriate steps to meet its compliance obligations.
Our Cookie Auditing Service
Specialist tools and knowledge are required to conduct a cookie audit, to analyse the results and to determine appropriate next steps.
Our Cookies Audit Service offers these tools and knowledge.
It costs just £995 per website and is executed remotely. It works by identifying all the cookies installed by a website, their function and their importance. A structured report is then created with recommendations of steps to consider for each cookie to ensure compliance with the PECR.