The following IP guidance note provides comprehensive and up to date legal information covering:

  • Cookies
  • Types of cookies and similar technologies
  • PECR 2003 and cookies
  • Responsibility for compliance
  • Consent
  • Clear and comprehensive information
  • Exemptions
  • GDPR and cookies
  • Territorial scope
  • Sanctions and enforcement
  • more

This Practice Note examines the law on the use of cookies and similar technologies:

  1. Types of cookies and similar technologies

  2. PECR 2003 and cookies

  3. Responsibility for compliance

  4. Consent

  5. Clear and comprehensive information

  6. Exemptions

  7. GDPR and cookies

  8. Territorial scope

  9. Sanctions and enforcement

  10. Cookie audits

  11. Reform

  12. Resources and guidance

Cookies are small data files stored on a user’s computer, phone or tablet. They allow an online service, such as a website, to recognise an individual user and store certain information about them such as login details, the contents of shopping baskets and site preferences. They are also commonly used to target advertising at a user based on their browsing history.

Although cookies are a critical part of website infrastructure, they can be invasive to privacy due to the wide range of information that can be collected including personal and potentially sensitive information about a user’s interests and preferences. They are also often placed on a device without the user fully understanding the nature and extent of the cookies that are being used or without the user’s knowledge at all. In some situations, third parties are able to place cookies without any direct interaction with the user.

There are two key pieces of legislation that regulate cookies:

  1. the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003)—regulates the circumstances in which an electronic communication service provider,