Is the Cookie Crumbling?

20th January 2017

Derby Office Icon

Blue Cyber fingerprint on computer screen

Since 25 May 2011, as a requirement of the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (the “UK Regulations”), websites have been required to obtain "opt in" consent from users before cookies can be placed on their device.

As you are no doubt aware, cookies are small files that are placed on a user’s device to retain information and, enable tracking and targeted advertising. Opt in consent to cookies is usually obtained via a pop up banner, which requires the user to take positive action to accept the cookie (e.g. ticking a box) before proceeding to use the website.

A new EC e-Privacy Regulation

Just last week, the European Commission published new, draft e-Privacy Regulations which (provided it takes effect before Brexit occurs) would repeal and replace the UK Regulations. As well as making a number of other reforms to the existing e-privacy regime, the new e-Privacy Regulations would introduce changes to the requirements relating to the placing of cookies. EC vice-president for the Digital Single Market, Andrup Ansip, has stated that the aim of these changes is to introduce simpler rules “so that internet users do not have to click on a banner every time they visit a website.”

The proposed new cookie rules

Broadly, under the plans to streamline the current cookie regime, it is proposed that:

  • The meaning of consent would be changed to reflect the definition of consent included in the General Data Protection Regulation 2016 (“GDPR”). This means that consent would need to be freely given, specific, informed, unambiguous and expressed by a statement or a clear affirmative action.

  • However, users would be able to signify their consent to cookies (or block them) by choosing appropriate settings in their browser software. The settings chosen would be binding on third parties.  

  • Specific obligations would be placed on browser providers to ensure that appropriate and user-friendly consent settings, options and explanatory information are provided to users when they install browser software. Users will also need to be provided with an easy way to change their privacy settings at any time or to “whitelist” or blacklist cookies from certain websites.

  • Also, consent would not be required for cookies that do not invade a user’s privacy and aim to improve a user’s internet experience (for example, cookies which remember the contents of a user’s online shopping basket or which monitor web traffic).

  • Businesses that do not comply with the new rules may face fines of up to €10,000,000 or 2% of their global annual turnover.

The aim of the Commission is to bring these changes in to force by 25th May 2018 (the date on which the GDPR comes into force), but it remains to be seen if this very tight timescale will be achieved. In the meantime, the UK Regulations will continue to apply.

What Geldards can do

  • Does your website comply with the current legal requirements? If you don’t think so – or if you aren’t sure – the Geldards Commercial team is happy to provide a free review.  

  • Is your website adequately protected from misuse by browsing users - and is your liability to users limited should anything go wrong? If not, the Geldards Commercial team can advise you on producing simple, consumer-friendly terms and policies to protect your business.

  • Do you have all the legal documentation you need in connection with your website? Such documentation will help you to meet your statutory obligations and will also provide a minimum level of legal protection for your business. Geldards can help you to put them in place.

  • Do you have any questions about the content of your website? If so, the intellectual property specialists at Geldards can help, whether your question is to do with your use of a third party’s images, trade marks or text, or your use of theirs.

Further Information and Legal Support

If you’d like assistance with these or any other issues concerning your website, please do not hesitate to get in touch with a member of the Commercial Team




Geldards Chairman Appointed Interim Chair At D2N2
Geldards Chairman David Williams has been appointed Interim Chair of D2N2 LEP with immediate effect.The change in role follows the appointment of current Chair Elizabeth Fagan as the interim Marketing Strategy Director for the newly formed NHS Track and Trace.


Rent Payment Day – or is it?
24 June is traditionally another quarterly payment day for the majority of retailers and commercial tenants. But with many retailers, pubs, restaurants and other operators either still being unable to trade or only trading with significantly reduced or limited trade, will they be in a position to pay?


Introducing Public Services
The Geldards public services team is one of the largest specialist teams in the country focused on supporting the public sector and organisations providing services to the public sector.


Michelle Craven-Faulkner


Partner, Nottingham

+44 (0)1332 378 391