Does the new cookies guidance take the biscuit?!
This guidance therefore provides such much-needed clarity but may also lead to a number of website and app owners having to rethink how they currently go about obtaining consent.
Some of the key takeaways from the guidance include:
- You must provide people with clear information about the cookies that you intend to use and the purposes and duration of such cookies. Such information should be provided in such a way that users will see it when they first visit your site or app (for example by way of a cookie pop-up).
- Consent must be obtained in order to use non-essential cookies. The GDPR standard of consent applies which means that it must be demonstrated by a clear, affirmative action such as actively ticking a box. Pre-ticked boxes or ‘on’ sliders are not allowed. Similarly, simply continuing to navigate or browse through a website will not satisfy this requirement.
- Consent must be obtained before the cookies are enabled – this means that non-essential cookies cannot be placed on the homepage of a website or app if a user has not yet had the opportunity to consent to their use.
- Consent is not required for what are known as "strictly necessary cookies" i.e. cookies that are essential to provide a service requested by the user or to comply with any other legislation. Examples given are cookies that ensure that when a user adds goods to a basket on an e-commerce site, the site remembers what items they placed in that basket when the user proceeds to the checkout.
- If you use third-party cookies on your website, you must identify the third parties and the purposes for which such cookies will be used.
For more information on the guidance and its implications, please contact our TMT team.