How & Why Do We Comply With Cookie Policies In The UK?
The UK exited the European Union on the 31st of December 2020, which means that we are not only an independent nation, but our laws in many cases have changed too.
Today we focus on cookie policies in more detail, regarding what they are, how you can comply with them, and things you need to know when cookies are being used on your website.
The website recognizes the user’s device and then stores some personal data or information about the user’s preferences on the site, including their past actions.
What information do cookies store?
- How long a user spends on an individual website.
- The links you are clicking on.
- The options, preferences, and settings you’ve chosen.
- Any accounts you log into.
- Any pages you have visited.
- Any items you have placed in your shopping basket.
What Do You Need To Do When Complying With Cookie Policies In The UK?
Based on regulation 6, the rules you must abide by consist of the following:
- Tell people that are arriving on your site that cookies are being used.
- Explain what the cookies are doing on your site and why they are being used.
- Get consent from the visitor to store a cookie on their device to collect personal data and information.
What Do I Need To Show?
While you need to display information showing that you are collecting cookies, PECR does not specify what information exactly. The requirements only suggest offering “clear and comprehensive” information about your purposes.
If you would like to learn more about the regulations complying with cookies, please read the new and updated Cookies Section in the UK-GDPR law that was recently updated.
What Counts As Consent?
Consent must be freely given and decided by the visitor. It must involve an action, for example, ticking a box or clicking a link.
In addition, you may not set non-essential cookies on your website until the user has consented to them.
As an owner of the site, you need to make sure that your users are fully aware of their actions when accepting cookies. You need to make sure they have given explicit and deliberate consent. This must be more than merely continuing to use the website and ensure that consent is freely given.
You should also ensure that you can enable and disable cookies when needed.
While also collecting cookies, you also need to ensure that any privacy-intrusive cookies such as health details or personal data are even being consented to by the user. The ICO will take a risk-based stance on enforcing this area.
Enjoying the blog post? Make sure to check out our recent article on ‘What Privacy & Compliance Challenges Do Companies Face With GDPR In 2021?’
How Do You Write Up Cookie Policies For A Website?
The first thing you need to do is find out what cookies are on your website. This is necessary for making sure that you are implementing a valid policy.
You also need to take into account that your website could be using your own cookies and third-party cookies as well. If you struggle to find this information, then some dedicated plugins and tools can help find third-party cookies on your website.
Plan Your Content Accordingly
As laid out in UK-GDPR, your language needs to be straightforward and ensure the following bases are covered.
- The types of cookies you’re using.
- The data you’re tracking.
- How long cookies stay on a user’s browser.
- Why you are using cookies.
- Where the information is sent and who it is shared with.
What Happens If A User Rejects Your Cookie Policies?
There are dedicated strict rules on gaining consent, and for that consent to be valid, it must be freely given by the user. It also must be specific and informed. You MUST include some action, for example, ticking a checkbox or clicking a link. It would be best if you made sure that the user is aware they are giving consent.
If you would like to learn more about cookie policies, then read up on the ICO policies concerning cookie policies in the UK and how you should comply with them.
For updates on GDPR, compliance with privacy laws, and data regulations that have been put in place for the United Kingdom, follow our IT blog.