Categories
Law

Cookie Law

In the digital age, privacy has become a growing and valid concern for individuals and organisations alike.

One aspect of online privacy that has gained particular attention is the use of cookies on websites.

The European Union (EU) established regulations to protect user privacy, known as the EU Cookie Policy.

This article will provide an overview of the EU Cookie Policy, including its applicability in the UK, what cookies are, who must get cookie consent, and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

What is the EU Cookie Policy?

The EU Cookie Policy, also known as the EU Cookie Law or the Cookie Directive, is a regulation implemented by the European Union to protect the privacy of website users. The regulation requires website operators to obtain explicit consent from users before storing or retrieving any information from their device using cookies. The regulation applies to all websites that are accessible to users in the EU, regardless of whether the website operator is based in the EU.

The EU Cookie Policy was introduced in May 2011 as an amendment to the EU’s Privacy and Electronic Communications Directive (2002/58/EC). The purpose of the amendment was to provide more specific guidelines regarding the use of cookies and other similar technologies.

Does the EU Cookie Policy still apply in the UK?

The EU Cookie Policy continues to apply in the UK, despite the UK’s departure from the EU. This is because the EU Cookie Policy was implemented into UK law through the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).

The PECR is a UK law that regulates the use of cookies and similar technologies. The PECR has been amended to reflect changes to the EU Cookie Policy, and it continues to apply in the UK post-Brexit.

What are cookies?

Cookies are small text files that are stored on a user’s device when they browse a website. Cookies are used to remember a user’s preferences or actions, such as login credentials or shopping cart items. They can also be used to track a user’s browsing behaviour, such as the pages they visit or the links they click on.

There are two types of cookie: session cookies and persistent cookies. Session cookies are temporary cookies that are deleted when a user closes their browser. Persistent cookies are cookies that remain on a user’s device until they expire or are deleted.

Who must get cookie consent?

Under the EU Cookie Policy, website operators must obtain explicit consent from users before storing or retrieving any information from their device using cookies. This means that website operators must inform users about the use of cookies on their website and obtain their consent before using cookies.

The PECR applies to all UK organizations that use cookies and similar technologies. This includes businesses, charities, and public sector organizations. Website operators must ensure that their use of cookies complies with the PECR, regardless of their size or sector.

What is the Privacy and Electronic Communications Regulations (PECR)?

The Privacy and Electronic Communications Regulations (PECR) is a UK law that regulates the use of cookies and similar technologies. The PECR was introduced in 2003 as a UK implementation of the EU’s Privacy and Electronic Communications Directive (2002/58/EC).

The PECR sets out specific requirements for website operators regarding the use of cookies. Website operators must:

  • Inform users about the use of cookies on their website;
  • Obtain explicit consent from users before using cookies; and
  • Provide clear and comprehensive information about the purpose of the cookies.

The PECR also includes provisions relating to electronic marketing, including email marketing and SMS marketing. The PECR requires organizations to obtain prior consent continue from users before sending them electronic marketing messages, and it provides guidelines for obtaining consent and providing opt-out mechanisms.

The Information Commissioner’s Office (ICO) is responsible for enforcing the PECR in the UK. The ICO is an independent authority that promotes and enforces data protection and privacy laws in the UK. The ICO provides guidance to organizations on how to comply with the PECR and investigates complaints of non-compliance.

Organizations that fail to comply with the PECR may face enforcement action from the ICO, including fines and other penalties. The ICO has the power to issue fines of up to £500,000 for serious breaches of the PECR.

The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act 2018 and the UK GDPR.

The EU Cookie Policy is an important regulation that aims to protect the privacy of website users. The regulation requires website operators to obtain explicit consent from users before using cookies or similar technologies to store or retrieve information from their device.

The Privacy and Electronic Communications Regulations (PECR) is a UK law that implements the EU Cookie Policy in the UK. The PECR sets out specific requirements for website operators regarding the use of cookies and provides guidelines for electronic marketing.

All organisations that use cookies or similar technologies must ensure that their use complies with the PECR. This includes informing users about the use of cookies, obtaining explicit consent, and providing clear and comprehensive information about the purpose of the cookies. Failure to comply with the PECR may result in enforcement action from the ICO, including fines and other penalties.

As technology continues to evolve, it is important for organizations to stay up-to-date with the latest privacy regulations and guidelines. By complying with the EU Cookie Policy and the PECR, organizations can protect the privacy of their users and avoid the risk of non-compliance.

The Ministry of Injustice is not the Ministry of Justice nor is it affiliated in any way with the justice system, legal profession or any law enforcement agencies.


Most Popular

What is Policing by Consent ? What is Two Tier Policing ?

Latest Articles

All Articles can be found in the Legal Blog or Sitemap.


You should always seek formal legal advice from a qualified and reputable lawyer (solicitor or barrister).

‘Justice delayed is justice denied’

 William Ewart Gladstone

There are a number of links to Free and Paid For Legal Resources and Legal Organisations on the Free Legal Advice , Legal Aid and Pro Bono pages.

Cookie Law was last updated on the 11th December 2024

By Dom Watts

Dom Watts founded the Ministry of Injustice in July 2021. Dom is an IT Professional with 30+ years experience in Tier 1 Banking, Government, Defence, Healthcare and Global Blue Chips. Dom has no legal training and is not a lawyer but has previously consulted for a Magic Circle Law Firm. You can find Dom on X or Google.

Dom Watts publishes the Ministry of Injustice as a citizen journalist. The journalism exemption is detailed in the Data protection and journalism code of practice published by the ICO and Section 124 of the Data Protection Act 2018.

Section 2 of the Defamation Act 2013 sets out the defence of truth. Section 3 of the Defamation Act 2013 sets out the defence of honest opinion. Section 4 of the Defamation Act 2013 sets out the defence of public interest. Section 8 of the Defamation Act 2013 sets out the single publication rule.

Section 4a of The Limitation Act 1980 defines the time limit for actions for defamation or malicious falsehood as one year from the date on which the cause of action accrued.

Article 10 of the Human Rights Act 1998 gives the right to freedom of expression.

"Free speech encompasses the right to offend, and indeed to abuse another." Para 43 Scottow v CPS [2020] EWHC 3421 (Admin)

R v O’Neill [2016] EWCA Crim 92, [2016]

In 2002 Dom Watts was an unlikely consumer champion. The dad of three from Croydon took on the power and might of Kodak – and won………

Dom on BBC Working Lunch

Equal Justice Under Law
Access To Justice Is A Right Not A Privilege
Rule of Law - Open Justice - Policing By Consent

Ministry of Injustice - Server Monitor