How do we comply with the cookie rules?

Original source clipped #2024-02-23


(generated via ChatGPT using the fabric/summarize prompt)

PECR outlines responsibilities and guidelines for online services regarding cookie usage, consent mechanisms, and compliance, emphasizing clear information and valid user consent.

Main points

  1. PECR mandates clear information about cookies and valid consent but doesn't specify who is responsible for compliance.
  2. The entity setting cookies is primarily responsible for compliance, especially when cookies serve their own purposes.
  3. Planning for new online services should include a detailed cookie strategy and arrangements with third parties.
  4. Conducting a cookie audit involves identifying cookies, their purposes, types and lifespans, and ensuring that valid consent mechanisms are in place.
  5. Information about cookies must be clearly communicated to users upon their first visit to an online service.
  6. Consent mechanisms should allow users control over all cookies, including third-party ones, to comply with PECR.
  7. Techniques like message boxes for consent must consider user experience and provide clear options without undue disruption.
  8. Consent cannot be bundled with terms and conditions or obtained through pre-enabled non-essential cookies.
  9. Third-party cookies require clear information and consent, with both the website and third party responsible for compliance.
  10. Analytics cookies are not exempt from consent requirements, even if they are first-party or perceived as non-intrusive.


Takeaways

  1. Clear and comprehensive information about cookie use is crucial for obtaining valid user consent.
  2. Regular reviews and audits of cookie usage are recommended to ensure compliance and adapt to changes.
  3. Consent mechanisms must be designed to be user-friendly and provide genuine choice to comply with PECR and UK GDPR.
  4. Third-party cookies pose additional compliance challenges, necessitating clear agreements and user information.
  5. Analytics cookies require consent, emphasizing the need for transparency in how user data is collected and used.