The Privacy and Electronic Communications Directive is a European Union directive on data protection and privacy in the digital age.
What Is the Cookie Law?
It deals with the confidentiality of information, the treatment of traffic data, spam and cookies. The Directive also applies to anything that behaves like a cookie, such as Flash Cookies and HTML5 Local Storage.
The directive introduced several changes in the UK concerning cookies. UK websites now need to gain consent from users before placing cookies on their web browsing devices (PCs, smartphones, etc.). The Information Commissioner’s Office (ICO), which enforces the Data Protection Act, has been tasked with enforcing it.
What Is A Cookie?
A cookie is a text file sent from a website and stored in a user’s web browser while the user is visiting a site. When the user browses the same website again, the data stored in the cookie can be retrieved by the website to notify the website of the user’s previous activity. Only a website’s webmaster can view the data from cookies, not the entire internet.
Cookies can have many functions, which include:
- Staying logged into websites
- Form filling (i.e. data entered does not disappear when you navigate away from the form and come back)
- Storing shopping basket items
- Recording user preferences (e.g. keeping your preferred cinema as default)
Although cookies cannot carry viruses or install malicious software on a host computer, they have become a major privacy issue, prompting EU and US lawmakers to take action.
Who Needs To Comply With It?
Google Analytics (GA), a service offered by Google that generates detailed statistics about the visits to a website, uses tracking cookies. Services like these will require user consent as the cookies are not considered to be essential.
The UK’s information commissioner changed the cookie guidelines just before they came into force, to provide additional guidance on the issue of “implied consent.”
Implied Consent is a valid form of consent as long as:
- It is used with revised cookie rules.
- Websites relying on implied consent make it clear to their users that their actions will result in cookies being set; otherwise, no informed consent has been given.
- Explicit consent is given in situations where sensitive personal data, such as health data, is collected from users.