• What Is A PECR Cookie Requirement?

    What is PECR? What are the cookies requirement and how they are linked with PECR? What is a PECR cookie requirement? Find the answer to every question just by reading below.

    The Privacy and Electronic Communications Regulations (PECR) explains the use of cookies and similar technologies for gathering information and accessing information already stored on an individual’s device, equipment or computer.

    This guidance text will clear your vision for PECR and PECR requirements for cookies. You must read it if you operate an online service, like a website or a mobile app. You definitely need a better understanding of how and in what ways PECR applies to you and your use of cookies.

    Fundamentally, cookies are small pieces of information, containing numbers and letters provided by an online service when a user visits them for the first time. There are multiple Cookies that are used in various ways. They are useful because they allow a website to recognise a user’s device. Cookies are used in order to run a website more efficiently and to render information to the site owners.

    Without cookies, websites do not have a way to ‘remember’ anything regarding visitors, such as whether a user has logged in or not and how many items are there in his or her shopping cart.

    What are these Similar Technologies?
    Without the cookie, there are other ways through which similar functions can be achieved — for instance, using different characteristics to recognise a device, so that every visit by the user can be analysed.

    PECR is applicable to every technology that stores or access information on a user’s device. This incorporates HTML5 local storage, Local Shared Objects and fingerprinting techniques. Whereas, the majority of electronic mail marketing is controlled by Regulation 22 in PECR. On the other hand, Regulation 6 by PECR applies to track pixels or other means to gain access to information on a user’s device.

    Using cookies and similar technologies are not prohibited by PECR. But, it does require you to tell people about cookies and also to tell them the way information is stored on their devices.

    pecr cookie requirement

    Cookies are not referred by name under PECR, but Regulation 6 states:

    (1) A person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph two are met.
    (2) The requirements are that the subscriber or user of that terminal equipment

    (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
    (b) has given his or her consent.

    It means for cookies use you should mention what type of cookies are set, what these cookies will do and obtain consent for storing cookies on devices.
    As previously stated PECR also applies to similar technologies such as fingerprint techniques. Similarly, until and unless an exemption applies, any use of digital fingerprinting requires clear and comprehensive information.

    From whom we must seek consent?

    Under PECR a consent must be obtained from a user or the subscriber (the subscriber being the person who pays the bill for use of the line). In most cases, the user and subscriber will be the same person. However, this is not always the case..
    It is not specified by the PECR that either the user or subscriber’s wishes should take priority if individuals have different preferences
    PECR also addresses subscriber’s ability to make decisions in this area, such as around browser settings, might suggest the subscriber’s preferences take priority, although in some circumstances this will not always be the case.
    Under PECR, browsing settings are covered, in which it states a subscriber is capable of making decisions on a user’s behalf. Though there are circumstances in which a user’s wish should take priority.
    If users complain that your website is setting cookies without taking consent from them, you can show your compliance with PECR through the consent you recently received by the subscriber. To get rid of such problems, you must provide information to the users regarding cookies and mechanisms by which they can make choices.

    Frequently Asked Question

    1) Are cookies personal information?
    Personal information can make a person identifiable. Not all information collected by cookies can identify individuals that use a website. However, websites that use cookies are required to have a cookie consent pop-up on their site.

    2) Do I need a cookie policy if I don’t use cookies?
    It is not compulsory to manifest any lawful basis for setting cookies. But, as cookie use is undeniable so you must mention about all those cookies which your website uses, in your privacy policy.

    3) Why do sites have cookie warnings?
    It helps advertisers to create a basic personal profile about you, even if you haven’t logged in to any website. Advertisers show you ads which they think you will like to buy. A cookie file from a browser can make you see the tracking tags from advertisers in the text.

    Protect yourself, get compliant fast.

    Scan & Audit your Cookies

    Scan your website Cookies, generate a fully-customisable Cookie Consent Banner
    & create a Cookie Policy – FREE