Introduction
New rules on cookies came into force on 26 May 2011. Consent is now needed in relation to most cookies placed on a user’s PC (or mobile device) by UK websites. Similar rules are coming into force throughout Europe.
Prior to this change, websites only had to tell users how they used cookies and that they could ‘opt out’, usually providing such information in a privacy policy. Now, however, a website can only put cookies on a user’s device if the user has given his or her consent. The one exception to this rule is if the website’s use of the cookie is “strictly necessary” for a service requested by a user.
The new rules — required by a European Directive — are implemented in the UK by means of an amendment1 to the Privacy and Electronic Communications (EC Directive) Regulations 2003 (the ‘PEC Regs’). Guidance2 on these rules from the UK data protection regulator, the Information Commissioner’s Office (‘ICO’), had been highly anticipated and has now been published (the ‘ICO Guidance’).
Please see full publication below for more information.