The Privacy and Electronic Communications Regulations (PECR) applies to how you
that is already stored, on a user’s equipment such as their computer or mobile device.
On the 26 May 2011 the underlying requirements were updated to enforce the need
for the subscriber to obtain consent from the user before cookies can be used on
their device. At the time the Information Commissioner published new guidance and
announced that he would allow organisations a year-long period to work towards compliance
with the new changes.
The rules are not designed to restrict technology but to enable consumers to have
knowledge of and provide consent to information being collected. Essentially, if
and persistent cookies
Tell people that the cookies are there
Explain what the cookies are doing
Obtain the person’s consent to store the cookie on their device
Cookies may expire at the end of a browser session or may be stored for longer;
the Regulations apply to both types.
Session cookies allow websites to link the actions of the user during the browser
session. They can be used for various reasons including what the user has placed
in the `shopping basket` as they have browsed the site. The cookie expires at the
end of the session and may therefore be regarded as less intrusive.
Persistent cookies are stored between sessions and facilitate the preferences of
the user to be recalled. They could be used to target advertising and bring sites
to the user’s attention. They can recall past activity and preferences and may work
across a number of sites. Persistent cookies are therefore deemed as more intrusive.
Consent must involve some form of communication where the user knowingly indicates
their acceptance. It could include clicking on to an icon, sending an email, or
When a person (organisation) operates an on-line service and the use of the cookies
is for their benefit, that person (organisation) is responsible for the regulatory
standards of the use and processing of the cookies and the data which they identify.