Call +44(0)161 941 4000
Call +44(0)161 941 4000
No, this blog is not about the delicious biscuits many of us will have been attempting to bake during the lockdown. Put simply, in an IT context; cookies are small text files containing small amounts of information that are downloaded or ‘implanted’ onto a user's device (e.g. a computer, a tablet, a smartphone, or other smart devices) when a user visits a website.
There are a number of different types and categories of cookies. They range from strictly necessary cookies (which allow a website to operate), to targeting or advertising cookies (which record user visits to a website, pages visited and links followed from that website) and are often used by companies to monitor consumer behaviour/trends and personalise the user experience making it smoother and more tailored to that individual.
Third-party tracking cookies (cookies which are set by a website other than the one you are visiting) can cause security and privacy concerns since they make it easier for parties you cannot identify to watch where you are going and what you are doing online and can in some cases compile records of a user’s browsing history online.
The ICO has the ability to levy substantial fines for failure to comply with laws relating to cookies, including fines for failing to comply with the PECR of up to £500,000, and up to €20 million EUR or 4% of total worldwide annual turnover (whichever is the higher) for failing to comply with the GDPR and the Data Protection Act 2018.
On 10 January 2017, the European Commission published the draft E-Privacy Regulation, which is intended to replace the PECR. It is aimed at companies operating in the digital economy and specifies additional requirements they need to meet in relation to the processing of personal data as well as harmonising the practicalities of website operators obtaining consent from website users across EU member states.
The regulation extends the scope of PECR from traditional telecoms service providers to all electronic communications service providers, including WhatsApp, Facebook Messenger, Skype, Gmail, and iMessage. One of the key changes in relation to cookies is that third-party cookies would be blocked by default, and users will have to set their cookie setting options during initial set up of software.
However, it is uncertain if the E-Privacy Regulation, which was originally intended to apply from 25 May 2018 (together with the GDPR), will make it into codified law.
There have been a number of stalled negotiations and disagreement between EU member states, with commentators not expecting the regulation to come into force before 2023, if at all. There remain a number of legal and practical uncertainties in relation to electronic communications and data privacy and protection that the regulation is yet to effectively deal in an ever-changing digital economy.
If you would like any advice in relation to your cookies policy, your cookie use or compliance with the E-Privacy Directive, direct marketing legislation or the GDPR, please contact one of our lawyers on 0161 941 4000 and ask for our Corporate/Commercial Department or email us at firstname.lastname@example.org