Most businesses these day use cookies on their websites – either to assist with the browsing experience enjoyed by end-users or to collect vital data about how the site is used.
What are cookies?
In their basic form, cookies are strings of data which are downloaded onto a device when it accesses the internet. Therefore, they allow the online behaviour of a device (and its user) to be monitored. There are four main categories of cookies:
Targeting or advertising cookies: these constitute the basis for third party advertising, and include recording visits to particular websites which demonstrate interest ‘segments’ of the computer user. Information is shared with third parties who can tailor adverts according to online behaviour.
Functionality cookies: these recognise users who return to a website, enabling eg personalised greetings, language, region or other personalised settings and displaying tailored updates or news feeds.
Performance cookies: these may be used by websites to monitor the number of visitors there are on a website and most popular pages.
‘Strictly necessary’ cookies: these include cookies which enable entry into secure areas of websites, use of online shopping carts and e-billing services. They are generally exempt from the consent and notice requirements in the regulations. These are only broad categories and cookies may perform multiple functions.
The regulations
The regulations require website users to be informed that cookies are being used and their consent to be sought (other than for ‘strictly necessary’ cookies). Fines of up to £500,000 can be imposed for noncompliance and the Information Commissioner will be responsible for enforcement.
Consent
The user’s/subscriber’s consent must be informed and cannot be inferred or deemed from, say, a lack of response. Though no specific solution is endorsed, guidance sets out options including ‘pop-up’ boxes or banners. Pop-ups seem to be a popular solution, looking at various mainstream websites that have complied to date.
Website owners also need to demonstrate that they are doing as much as possible to minimise the delay between introducing or ‘placing’ a cookie and informing and obtaining consent from end-users.
Browser settings
Browser settings may offer a method to indicate consent to the use of given categories of cookies (and to exclude others). However, it must be clear that consent has been given in some way by the end-user/subscriber.
A practical limitation is that not all users/subscribers will use web browsers which are sophisticated enough to provide such enhanced privacy settings.
Information to be provided
No formal guidance has been provided but possible ways of informing users could include:
altering the visual appearance of the privacy policy or inserting the word ‘NEW!’ next to a link to it
moving the link to the privacy policy to a prominent part of the website
renaming the privacy policy ‘cookies and privacy policy’, possibly with a separate link to a cookies policy
using icons or images which link to further information.
Responsibility for compliance
A person who uses cookies for their own purposes will be responsible for complying with the regulations. However, where a website’s cookies provide information to third parties, responsibility for compliance probably falls on both website operator and the person setting the cookies.
Exemptions
A narrow exemption still remains for ‘strictly necessary’ cookies, referred to above. Consideration therefore needs to be given as to what category a cookie belongs to.
Practical step for businesses
Businesses with websites should check what cookies are being used, assess their intrusiveness, identify any obsolete cookies and take appropriate action. This should involve carrying out a cookie audit. For such audits, businesses must have clear communication at least between their website designers, marketing and commercial departments and their legal team.
To amend terms and conditions of use and the site’s privacy policy, additional steps may be required.
Finally, if a website enables users to select personalised settings for their experience on the website, consent to the use of relevant cookies may be built into the setup process.
As always, if you need commercial and pragmatic legal advice, we’re here to help so please get in touch.
Disclaimer: All legal information is correct at the time of publication but please be aware that laws may change over time. This article contains general legal information but should not be relied upon as legal advice. Please seek professional legal advice about your specific situation - contact us; we’d be delighted to help.
In the world of business, contracts are the bedrock upon which deals are built. These carefully crafted documents are a testament to the mutual understanding between parties, outlining their respective…
A recent case has highlighted the importance of ensuring a company is incorporated with carefully drafted articles of association, if there is only one director. All limited companies must have…
This September brings change to the use of standard contractual clauses (SCCs) governing data transfers from the EU and EEA. In June this year, the European Commission published two sets…
By clicking Accept you are agreeing to the use of all cookies which will allow us to provide you with the most relevant experience when visiting or re-visiting this website. This means that your personal preferences will be remembered when you use this website. You can change your consent or choose specific settings by clicking "Cookie Settings". By clicking "Reject All" we will not use any non-essential cookies. Essential cookies will still be used for the website to function properly. Please see our cookie policy and privacy notice for more information about how we process your personal data.
Our website uses cookies to improve your experience while you navigate through our website. Out of these cookies, the cookies that are categorised as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyse and understand how you use our website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies but it may affect your browsing experience on our website. You can find our cookie policy here.
Necessary cookies are absolutely essential for our website to function and enable core functionality such as security and accessibility. These cookies do not store any personal information. You can block these cookies by changing your browser settings, but this may affect how the website functions.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Cookie
Duration
Description
__cf_bm
30 minutes
This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
mgref
1 year
This cookie is set by Eventbrite to deliver content tailored to the end user's interests and improve content creation. It is also used for event-booking purposes.
yt-player-headers-readable
never
The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-cast-installed
session
The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-connected-devices
never
YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id
never
YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-fast-check-period
session
The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.
yt-remote-session-app
session
The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-session-name
session
The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
ytidb::LAST_RESULT_ENTRY_KEY
never
The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
_ga
2 years
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat
1 minute
This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
_gid
1 day
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_s
1 year
This cookie is associated with Shopify's analytics suite.
G
1 year
Cookie used to facilitate the translation into the preferred language of the visitor.
vuid
2 years
Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
VISITOR_INFO1_LIVE
6 months
YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA
6 months
YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC
session
Youtube sets this cookie to track the views of embedded videos on Youtube pages.