
Don’t let your cookies crumble

Dean Orgill posted 3 years ago at 8:17


Tempting though it is to throw in a reference to the fondly remembered (at least by me) bear from the Andy Williams show (as the antidote to the introduction of the Osmonds), it is probably more appropriate at this moment to make mention of the more serious and ubiquitous cookies of today, those that gather information.


Why? Because we now have the arrival of the change in the law on cookies, much previewed, and much delayed, but now finally here.


Essentially the new law requires websites to ask users what information they consent to have stored about them, and for users to make an active choice.


The underlying premise now is that as cookies store data about your use of sites, and so increasingly about you yourself, then their deployment should only be allowed if you have consented.


The basic Regulation (*) states that:

“a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.


(2) the requirements are that the subscriber or user of that terminal equipment –

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

(b) has given his or her consent.”


There is much published information to assist you. The Information Commissioner’s Office (ICO), for example, has published some detailed guidance notes (31 pages). Also, there are some good examples of best practice from the likes of the UK Intellectual Property Office, which states on its home page that:


“This site uses cookies to help make it useful and more reliable. Our cookies page explains what they are, which ones we use, and how you can manage or remove them”.


The cookies page then details why they use cookies, which ones are used and in respect of each cookie, why they are used, the benefit of their use, the data stored and how long the data is kept.


The concept is, of course, to assist with transparency in respect of personal data stored. All jolly noble we might think, and maybe we should all aspire to it, but “I am incredibly busy so I will get around to sorting it out for my site eventually, or at least I will ask our website hosts to do so, they have probably got it all in hand in any event” will not pass muster.


The ICO anticipates that the responsibility for compliance rests with a person who operates an online service and the use of cookies is for their purposes. It is therefore likely that both a business trading through a site and any website host operator, if they are different, could be at risk of a penalty if they do not comply with the new rules.


What is the risk? Well, ultimately in the worst cases of breach a Monetary Penalty notice can be served imposing a financial penalty of £500,000 – Crumbs!


(*) Regulation 6 of the Privacy and Electronic Communications Regulations 2003


About Dean Orgill
Dean Orgill is a Partner within the Litigation Department and has been with Mayo Wynne Baxter for over 20 years. Dean acts on behalf of a range of ...
