The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Cookies
  • Types of cookies and similar technologies
  • Flash cookies
  • HTML 5 local storage
  • Tracking pixels
  • Device fingerprinting
  • PECR 2003 and cookies
  • Meaning of ‘terminal equipment’
  • Meaning of ‘subscriber or user’
  • Meaning of ‘public electronic communications service’
  • More...


This Practice Note examines the law on the use of cookies and similar technologies in the UK, and covers the following:

  1. Types of cookies and similar technologies

  2. PECR 2003 and cookies

  3. Responsibility for compliance

  4. Consent

  5. Clear and comprehensive information

  6. Exemptions

  7. UK GDPR and cookies

  8. Territorial scope

  9. Intranets

  10. Sanctions and enforcement

  11. Cookie audits

  12. Reform

  13. Resources and guidance

Cookies are small data files stored on a user’s computer, phone or tablet. They allow an online service, such as a website, to recognise an individual user and store certain information about them such as login details, the contents of shopping baskets and site preferences. They are also commonly used to target advertising at a user based on their browsing history.

Although cookies are a critical part of website infrastructure, they can be invasive to privacy due to the wide range of information that can be collected including personal and potentially sensitive information about a user’s interests and preferences. They are also often placed on a device without the user fully understanding the nature and extent of the cookies that are being used or without the user’s knowledge at all. In some situations, third parties are able to place cookies without any direct interaction with the user.

There are two key pieces of legislation that regulate the use of cookies in the UK:

  1. the Privacy and Electronic Communications (EC Directive) Regulations

Related documents:

Popular documents