What are the requirements for cookies under the PECR?

What is the PECR? What are the requirements for cookies under the PECR? The Privacy and Electronic Communications Regulations (PECR) explains the use of cookies and similar technologies for gathering information and accessing information already stored on an individual’s device, equipment or computer. PECR Cookie Requirement makes it possible to know about cookies and similar tech.

Fundamentally, cookies are small pieces of information, containing numbers and letters provided by an online service when a user visits them for the first time. There are multiple cookies that are used in various ways. They are useful because they allow a website to recognise a user’s device. Cookies are used in order to run a website more efficiently and to render information to the site owners.

Without cookies, websites do not have a way to ‘remember’ anything regarding visitors, such as whether a user has logged in or not and how many items are there in his or her shopping cart.

What are cookies and similar technologies? (PECR Cookie Requirement)

Without the cookie, there are other ways through which similar functions can achieve for instance, using different characteristics to recognise a device, so that every visit by the user can analyze.

PECR is applicable to every technology that stores or accesses information on a user’s device. This incorporates HTML5 local storage, Local Shared Objects and fingerprinting techniques. Whereas, the majority of electronic marketing is under control by Regulation 22 under the PECR. On the other hand, Regulation 6 under the PECR applies to track pixels or other means to gain access to information on a user’s device.

Using cookies and similar technologies are not prohibited by PECR. But, it does require you to inform people about cookies and also to inform them about the way information stores on their devices. (PECR Cookie Requirement)
Cookies are not referral by name under the PECR, but Regulation 6 states:

(1) A person shall not store or gain access to information, in the terminal equipment of a subscriber or user unless the requirements of paragraph two are there.

(2) The requirements are that the subscriber or user of that terminal equipment:

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
(b) has given his or her consent.

It means for cookies use you should mention what type of cookies are set, what these cookies will do and obtain consent for storing cookies on devices.

From whom we must seek consent?

Under the PECR a consent must obtain from a user or the subscriber (the subscriber being the person who pays the bill for use of the line). In most cases, the user and subscriber will be the same person. However, this is not always the case. It is not specified by the PECR. Either the user or subscriber’s wishes should take priority if individuals have different preferences. PECR also addresses a subscriber’s ability to make decisions in this area. Such as around browser settings, might suggest the subscriber’s preferences take priority. Although in some circumstances this will not always be the case.

Under the PECR, browser settings cover, in which it states a subscriber is capable of making decisions on a user’s behalf. Though there are circumstances in which a user’s wish should take priority. If users complain that your website is setting cookies without taking consent from them, you can demonstrate your compliance with the PECR through the consent you recently received by the subscriber. To overcome such problems, you must provide information to the users. It is regarding cookies and mechanisms by which they can make choices.

Frequently Asked Questions (FAQs) (PECR Cookie Requirement)

1) Are cookies personal information?

Personal information can make a person identifiable. Not all information collected by cookies can identify individuals that use a website. However, websites that use cookies require to have a cookie consent pop-up on their site.

2) Do I need a cookie policy if I don’t use cookies?

It is not compulsory to manifest any lawful basis for setting cookies. But, as cookie use is undeniable. So you must mention all those cookies which your website uses, in your privacy policy.

3) Why do sites have cookie warnings?

It helps advertisers to create a basic personal profile about you, even if you haven’t logged into any website. Advertisers show you ads which they think you will like to buy. A cookie file from a browser can make you see the tracking tags from advertisers in the text.