The Privacy and Electronic Communications Regulations 2003 (PECR) is a UK regulation that works in conjunction with the UK GDPR and Data Protection Act 2018. The PECR sets out the regulations relating to privacy and electronic communications. It is most commonly associated with direct marketing rules and the ‘cookie law’.
What is a Cookie?
A ‘cookie’ is a small text file or piece of data that is sent from a website and stored on a user’s device. The device can be a computer, tablet or mobile device on which the cookie is stored when the user accesses the website. Cookies are a form of identification that allows a website to recognise a user’s device and remember preferences from previous visits.
There are two steps to complying with the cookie rules on a website. Where any cookies are set, you have an obligation to notify users when they visit your website. Cookie Notice pop up notices are a common sight on most websites. They usually require you to accept or reject the cookies before you start browsing.
Complying with the Cookie Law
Consent in the PECR uses the same definition as that of the UK GDPR. You must evidence that consent has been obtained via an affirmative action (i.e., signature, non-ticked box). It must be clear, granular and demonstrate a positive opt-in.
How to Manage Cookie Settings
However, you can still provide details on how to manage all non-essential cookies and explain how to control cookie settings via the users’ browser or device settings.
If you want to understand ore about cookies and what your obligations are, you can visit www.allaboutcookies.org.
Available as a standalone toolkit or included in our complete UK GDPR Bundle.