What are cookies?
Cookies are simple text files that are stored on your computer or mobile device by a website’s server.
Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier, website’s domain name, and some digits and numbers.
What types of cookies do we use?
Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our website and using its features. For example, these cookies let us recognize that you have created an account and have logged into that account.
Functionality cookies let us operate the site in accordance with the choices you make. For example, we will recognize your username and remember how you customized the site during future visits.
These cookies enable us and third-party services to collect aggregated data for statistical purposes on how our visitors use the website. These cookies do not contain personal information such as names and email addresses and are used to help us improve your user experience of the website.
How to delete cookies?
If you want to restrict or block the cookies that are set by our website, you can do so through your browser setting. You will find general information about cookies and details on how to delete cookies from your device.
First of all, it's important to understand the relationship between the GDPR and the ePrivacy Directive. In a nutshell, the GDPR provides overarching legislation to govern all aspects of processing personal information, whereas the ePrivacy Directive has a tighter focus on communications and internet services. This means in practice that it relies on the general rules of the GDPR and adds more specific requirements within its own remit. It will ultimately remove differences in interpretation of the cookie rules in different countries.
Where are cookies mentioned in the GDPR?
The GDPR mentions cookies once, in Recital 30:
Natural persons may be associated with online identifiers…such as internet protocol addresses, cookie identifiers or other identifiers…. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
What this essentially means is that cookies, where they are used to identify the device or, in combination with other data, the individual associated with or using the device, should be treated as personal data.
Privacy and Electronic Communications Regulations (PECR)
Cookies are governed by the Privacy and Electronic Communications Regulations (PECR) which sit alongside the Data Protection Act. In recognition of the forthcoming changes, the European Commission has launched a public consultation as part of a process for a revision of the ePrivacy Directive from which the EU cookie laws are derived.
The PECR do not set out exactly what information you must provide or how to provide it – this is up to you.
In regulation 6 of the PECR, it is set out that you should:
Tell people that the cookies are there
Explain what the cookies are doing and why
Get the individual’s consent to store a cookie on their device.