The Privacy and Electronic Communications Regulations (PECR) applies to how you use cookies and similar technologies for storing information, and access information that is already stored, on a user’s equipment such as their computer or mobile device. On the 26 May 2011 the underlying requirements were updated to enforce the need for the subscriber to obtain consent from the user before cookies can be used on their device. At the time the Information Commissioner published new guidance and announced that he would allow organisations a year-long period to work towards compliance with the new changes.

The rules are not designed to restrict technology but to enable consumers to have knowledge of and provide consent to information being collected. Essentially, if you use cookies you must:
Tell people that the cookies are there
Explain what the cookies are doing
Obtain the person’s consent to store the cookie on their device

Session and persistent cookies

Cookies may expire at the end of a browser session or may be stored for longer; the Regulations apply to both types.

Session Cookies

Session cookies allow websites to link the actions of the user during the browser session. They can be used for various reasons including what the user has placed in the `shopping basket` as they have browsed the site. The cookie expires at the end of the session and may therefore be regarded as less intrusive.

Persistent Cookies

Persistent cookies are stored between sessions and facilitate the preferences of the user to be recalled. They could be used to target advertising and bring sites to the user’s attention. They can recall past activity and preferences and may work across a number of sites. Persistent cookies are therefore deemed as more intrusive.

Consent

Consent must involve some form of communication where the user knowingly indicates their acceptance. It could include clicking on to an icon, sending an email, or continuing with a process when a notification has been given of the use of cookies.

Responsibility for Compliance

When a person (organisation) operates an on-line service and the use of the cookies is for their benefit, that person (organisation) is responsible for the regulatory standards of the use and processing of the cookies and the data which they identify.