    Cookie Audit With PECR Assessment

    PECR assessments are carried out to find vulnerabilities associated with personal data processing and many other aspects. 

    This blog is all about cookies and PECR assessments. The two are linked because PECR covers cookies and the carrying out of the relevant audit.

    PECR stands for Privacy and Electronic Communications Regulations, and it has governed the use of cookies since its implementation in 2003, with updates made in 2011.

    Cookies are small files containing numbers and letters which websites place on their visitors' computers. Even though they are modest in size, they collect information that visitors may not wish to share.

    To provide precise information about PECR compliance, the Information Commissioner’s Office (ICO) provides a cookie assessment as the first step.

    This information will help you out regarding the assessment of cookies that are used on your organisation’s website. 

    There are two kinds of cookies: session cookies and persistent cookies. Session cookies are stored temporarily and are deleted once the session is completed or the browser is closed.

    Persistent cookies, also known as permanent cookies, hold information on the preferences and settings the user selects and make it available for future sessions.

    Both kinds of cookies, session cookies and persistent cookies, need to be analysed during the cookie assessment.

    A cookie assessment proceeds in two stages: data gathering and analysis of the assessment.

    This is an in-house security assessment which will record the date and the time of assessment, who is doing the evaluation and information about any party reviewed during the evaluation.

    The Data Gathering Stage

    The data gathering stage has three separate areas of the website to assess, and each one is accessed differently.

    • User-side cookies: The easiest method of assessment is to use the Firefox browser for visiting the site. Click on Tools / Page Info / Security / View Cookies. A window will pop up on your computer and list all the cookies installed by the website. These will include visitor ID and session ID cookies.
    • Server-side cookies: The only way to assess these cookies is to ask your external or internal website development team to carry out a code analysis on the server side and list all the cookies that may be applied. These cookies mostly deal with campaign tracking or with tracking products which are transferred to baskets.
    • Third-party tags: These are placed by third parties that have access to browsers on your site. The tags they set in place can only be identified by approaching each third party directly and requesting full information about their tags.

    For each cookie, your audit must carry the information mentioned below:

    • Host website – The specific URL that is placing the cookie on the browser.
    • Site coverage – Whether the cookie is used by the whole website or by identified particular areas only.
    • CookieID – In Firefox, this will be the Cookie Name.
    • Cookie Common Name – A plain English name you create that identifies the cookie in your audit report.
    • Responsible party – Whether a first party or a third party is setting the cookie.
    • Description – A simple description of the cookie’s purpose and action.
    • Expiration date – This will either be a specific date (for persistent cookies) or the legend "at the end of the session" (for session cookies).
    • Data – The data each cookie contains.
    • User information – The user information the cookie links to, such as username.
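
    The record fields above can be pre-filled from captured Set-Cookie response headers. The script below is an added example, not part of the original article; the site domain, the sample headers and the function names are constructed, and the first-party test is a simple suffix match rather than a public-suffix lookup.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

SITE_DOMAIN = "shop.example"  # assumption: registrable domain of the audited site

# Constructed sample: (host that sent the response, raw Set-Cookie header value)
CAPTURED = [
    ("www.shop.example", "sessionid=a81f3c; Path=/; HttpOnly; Secure"),
    ("www.shop.example", "visitor_id=7742; Domain=.shop.example; Max-Age=31536000; Path=/"),
    ("tags.tracker.example",
     "cid=u-19b2; Expires=Wed, 21 Oct 2026 07:28:00 GMT; SameSite=None; Secure"),
]

def audit_record(host, header, now):
    """Build one audit row from a single Set-Cookie header value."""
    first, *attr_parts = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in attr_parts:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()

    # A Domain attribute widens the scope; without it the cookie is host-only.
    domain = attrs.get("domain", host).lstrip(".").lower()
    first_party = domain == SITE_DOMAIN or domain.endswith("." + SITE_DOMAIN)

    # Max-Age takes precedence over Expires (RFC 6265); neither means a session cookie.
    if "max-age" in attrs:
        expires = now + timedelta(seconds=int(attrs["max-age"]))
    elif "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
    else:
        expires = None

    return {
        "host": host,
        "cookie_id": name,
        "responsible_party": "first party" if first_party else "third party",
        "kind": "persistent" if expires else "session",
        "expiration": expires.isoformat() if expires else "at the end of the session",
        "data": value,
        "path": attrs.get("path"),  # a hint for site coverage, not a substitute for review
        # These fields need a human reviewer and are left empty on purpose.
        "common_name": None, "description": None, "user_information": None,
    }

def build_audit(captured, now):
    return [audit_record(host, header, now) for host, header in captured]

if __name__ == "__main__":
    for row in build_audit(CAPTURED, datetime.now(timezone.utc)):
        print(row)
```

    Server-side cookies and third-party tags that never reach the captured responses still have to be gathered as described above.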

    The Analysis Phase

    You must answer the following questions for each cookie.

    Is this cookie really necessary?

    Check whether the information is crucial. If it really is, you need not seek the explicit permission of the browser before setting the cookie.

    How intrusive is the cookie?  

    Intrusiveness is the extent to which a cookie reduces the user’s privacy. The more intrusive the cookie, the more information you must provide to the user when obtaining consent.

    What additional disclosure is required?

    Does your privacy policy provide complete information on every type of cookie? You must consider what sort of information your users require, because it is necessary for compliance.

    Analyse the outcome. If your analysis reveals that cookie tracking is not strictly required, or is more extensive than permitted by PECR, then you must take corrective action.

    To complete the analysis, you must record the actions you are planning to take to make each cookie comply with PECR.

    Frequently Asked Questions

    1) Does PECR apply to B2B?

    PECR is a piece of legislation, and this law will remain in place. It applies only to electronic channels such as telephone, email and SMS. PECR applies not only to B2B marketing but also to B2C marketing, such as to sole traders, partnerships, unincorporated trusts and foundations and their staff members.

    2) Are the PECR superseded by the GDPR?

    PECR and GDPR are both pieces of legislation and are quite similar in many ways. Currently, the EU is replacing the e-Privacy directive with an updated e-Privacy regulation, although the new law is not yet finalised. As of now, PECR will continue side by side with GDPR.

    3) What is the difference between PECR and GDPR?

    The primary difference between these two pieces of legislation is mainly related to personal data processing. However, PECR is related to electronic marketing and contains specific rules on:

    • Marketing calls, emails, texts and faxes
    • Cookies
    • Keeping communications services secure
    • Customer privacy regarding traffic and location data, itemised billing, line identification and directory listings.

    4) Do the PECR apply to me?

    The legislation only applies to you if you:

    • Market by phone, email, text or fax
    • Use cookies or similar technology on your website
    • Compile a telephone directory or a similar public directory.
