While GDPR doesn’t necessarily affect current cookie laws as such at the moment, there are considerations that have to be taken into account on the occasions where cookies include personal data. If they do, then GDPR will come into play and consequently affect how consent should be acquired for using those cookies and how we should deal with that information.
What are Cookies?
A cookie is the name given to a small text file that carries information about the user of a website and will be stored on their own computer. It is then used by the website for a variety of reasons, for example tailoring what the user sees depending on what they have browsed before, for Google Analytics, or ecommerce.
Current PECR and What Actions to Take Now
Unfortunately, with the increased threshold for consent required by GDPR, this may no longer be satisfactory, and you may need to get explicit consent from the visitor such as getting them to click a box signifying acceptance before you can let them browse your site. The indecision lies in the fact that PECR is currently undergoing review and will not be finalised until probably 2019. Obviously far too late to be included in considerations for changes that have to be made for GDPR.
- Make sure you have a banner or pop-up that can be easily seen and read; no tiny fonts or obscure colourings, or a notification hidden away somewhere at the bottom of the page.
Please also be aware of timing, in that you need to make sure you are getting consent first before the cookie is placed on the user’s machine.
Overall, you shouldn’t worry too much about being fined or getting into difficulties because of non-compliance when it comes to cookies as there is no current hard and fast rule that you should be adhering to. It is rumoured that the PECR draft may contain information on a preference for gaining consent through browser settings rather than implicit acceptance via a banner or pop-up, but until it is published nothing is set in stone.
If you can show that at least your website conforms to the current rules, whereby you are using a pop-up or clear banner that can be seen and read easily by visitors to your website, you should be covered until clear regulations are provided in 2019.