What are Cookies?
A cookie is a small text file implanted by a website operator or online advertising network on the hard disks of visitors to the site (often without their knowledge). Cookies are used to collect information about internet users, such as their names, addresses, e-mail details, passwords and user preferences. This information when used in conjunction with other information in the possession of the website operator can help to identify an individual and so can amount to Personal Data as defined in the Data Protection Act 1998.
We were getting used to the legislation around opt in consent for email marketing but recent revisions to the Privacy and Electronic Communications Regulations 2003 (SI 2426/2003) (2003 Regulations) through the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (SI 2011/1208).
- Has been provided with clear and comprehensive information about the purposes for which the cookie is stored and accessed.
- Has given his or her consent.
(Regulation 6(1) and (2), revised 2003 Regulations.)
The issue is that there is not a definition of consent although guidance suggests the consent must be freely given, specific and informed. Consent must also be appropriate to the age and capacity of the individual and to the particular circumstances of the case.
Guidance also suggests that consent must be obtained before the Cookie is planted and organisations have until May 2012 to ensure that they are compliant.
Some of the suggestions being put forward by the ICO guidance (Guidance) as to how to achieve compliance include:
- Pop—ups and similar techniques. Online providers could obtain user consent by including express consent provisions with tick boxes in pop-up windows. Although this is the simplest option to achieve compliance, there is general agreement that this would be unpopular with users as it would spoil a user’s experience of using a website if several cookies are used. This way of obtaining consent might also be impractical as many users employ pop—up blockers and would therefore be unlikely to see the pop—up windows.
- Settings—led consent.Some cookies are deployed when a user makes a choice about how the website works for them, There is a suggestion that consent could be gained as part of the process by which the user confirms what they want to do or how they want the website to work.
The above relate to direct cookies however there are also issues in relation to cookies placed by third parties such as third party advertisers on a website.
The ICO has suggested that organisations should:
- identify how intrusive the cookies are as the greater the amount of intrusion the greater the need for consent; and
- formulate strategy for obtaining consent.
Jordans can help with a review of your website to ensure it is legally compliant and to update your terms and conditions and privacy policies in light of the new legislation. For further information please contact Cathy Cook at Jordans Solicitors Wakefield offices in West Yorkshire.
More guidance and help can be found in this PDF.