Reed Smith Client Alerts

The UK Information Commissioner’s Office (ICO) has published its eagerly awaited updated guidance on cookies. Many companies have been frustrated by the lack of clarity on what is expected on this issue since a whole range of different approaches can be seen across the internet. In many respects therefore, this guidance was to be welcomed but there was also mounting nervousness at how far the guidance might go.

Auteurs: Elle Todd

In short, the guidance confirms what most data practitioners already knew about cookie requirements and there are few big surprises. However, since many companies have not been complying, steps will need to be taken by huge numbers of sites and services to avoid censure now that the regulator has confirmed what it expects. There is no transition or lead time for compliance. This is in force now. 

One reason companies had been reticent in making wholescale changes to their cookie approach following the implementation of the General Data Protection Regulation (GDPR) is that the rules on installing cookies are set out in the separate Privacy and Electronic Communications Regulations (sometimes referred to as PECR or the e-Privacy Regulations). This legislation is in the process of being updated and many had therefore been waiting for this to be finalised before really worrying about taking action. • The ongoing delays here have not been helpful. However, this guidance sends a warning to companies that, just because there may be future changes, this does not mean you do not have to comply with the existing regime and, of course, GDPR.