Since 25 May 2011, as a requirement of the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (the “UK Regulations”), websites have been required to obtain "opt in" consent from users before cookies can be placed on their device.
As you are no doubt aware, cookies are small files that are placed on a user’s device to retain information and, enable tracking and targeted advertising. Opt in consent to cookies is usually obtained via a pop up banner, which requires the user to take positive action to accept the cookie (e.g. ticking a box) before proceeding to use the website.
A new EC e-Privacy Regulation
Just last week, the European Commission published new, draft e-Privacy Regulations which (provided it takes effect before Brexit occurs) would repeal and replace the UK Regulations. As well as making a number of other reforms to the existing e-privacy regime, the new e-Privacy Regulations would introduce changes to the requirements relating to the placing of cookies. EC vice-president for the Digital Single Market, Andrup Ansip, has stated that the aim of these changes is to introduce simpler rules “so that internet users do not have to click on a banner every time they visit a website.”
The proposed new cookie rules
Broadly, under the plans to streamline the current cookie regime, it is proposed that:
- The meaning of consent would be changed to reflect the definition of consent included in the General Data Protection Regulation 2016 (“GDPR”). This means that consent would need to be freely given, specific, informed, unambiguous and expressed by a statement or a clear affirmative action.
- However, users would be able to signify their consent to cookies (or block them) by choosing appropriate settings in their browser software. The settings chosen would be binding on third parties.
- Specific obligations would be placed on browser providers to ensure that appropriate and user-friendly consent settings, options and explanatory information are provided to users when they install browser software. Users will also need to be provided with an easy way to change their privacy settings at any time or to “whitelist” or blacklist cookies from certain websites.
- Also, consent would not be required for cookies that do not invade a user’s privacy and aim to improve a user’s internet experience (for example, cookies which remember the contents of a user’s online shopping basket or which monitor web traffic).
- Businesses that do not comply with the new rules may face fines of up to €10,000,000 or 2% of their global annual turnover.
The aim of the Commission is to bring these changes in to force by 25th May 2018 (the date on which the GDPR comes into force), but it remains to be seen if this very tight timescale will be achieved. In the meantime, the UK Regulations will continue to apply.
What Geldards can do
- Does your website comply with the current legal requirements? If you don’t think so – or if you aren’t sure – the Geldards Commercial team is happy to provide a free review.
- Is your website adequately protected from misuse by browsing users - and is your liability to users limited should anything go wrong? If not, the Geldards Commercial team can advise you on producing simple, consumer-friendly terms and policies to protect your business.
- Do you have all the legal documentation you need in connection with your website? Such documentation will help you to meet your statutory obligations and will also provide a minimum level of legal protection for your business. Geldards can help you to put them in place.
- Do you have any questions about the content of your website? If so, the intellectual property specialists at Geldards can help, whether your question is to do with your use of a third party’s images, trade marks or text, or your use of theirs.
Further Information and Legal Support
If you’d like assistance with these or any other issues concerning your website, please do not hesitate to get in touch with a member of the Commercial Team.
MODERN SLAVERY ACT; ICELAND VS ICELAND >>