What is a Cookie Audit?

Almost all websites use cookies in today’s digital world. Cookies serve various purposes, from helping sites run more efficiently to enhancing user experiences and analysing consumer behaviour. However, website owners should note that strict privacy law rules regulate cookies. To comply with these rules, businesses must understand what cookies they use and why. This article explores what a cookie audit is and why it is essential for businesses that use cookies to carry one out.

What Are Cookies?

A cookie is a small text file typically stored on a user’s computer, phone or tablet. Cookies can have a variety of purposes. For example, cookies can:

  • store information about a user’s login details or preferences on an online shop;
  • remember a user’s preferences; and
  • be deployed for targeting and advertising purposes.

Different types of cookies include:

  • essential or strictly necessary cookies;
  • performance or analytical cookies;
  • functionality cookies; and
  • targeting or advertising cookies.

What is the Law Governing Cookies?

The key law governing the use of cookies is the Privacy and Electronic Communications Regulations (‘PECR’), which set rules around using electronic communications and cookies. Cookies are also regulated by the UK General Data Protection Regulation and Data Protection Act 2018 if the use of cookies involves processing personal data.

Let us explore some of the key rules under PECR on cookies that apply to most businesses.

1. Cookie Consent

Under the PECR, you must tell individuals that you are using cookies and obtain their consent to use various types of cookies. Note that exceptions apply when cookies are strictly necessary for a website to work.

2. Cookie Policy

You must provide clear and comprehensive information about your use of cookies. Businesses often use a cookie policy document to provide this.

Some of the vital information to be provided includes:

  • which cookies your website uses;
  • why you use cookies and how they will operate;
  • how long you will use the cookies;
  • information about whether third parties will have access to the cookies; and
  • information about how users can opt out of the use of cookies.

For the reasons mentioned above, businesses must conduct a comprehensive cookie audit. This is because understanding which cookies your website uses is vital to comply with the rules under the PECR.

As part of the audit, you must understand exactly which cookies your website uses and how they work.

This can be a technical and time-consuming exercise, so it is sensible to involve website developers or technical experts to assist with this process. You could also seek to use cookie audit tools offered by suppliers.

Key questions to ask during the audit are:

  • Which strictly necessary cookies does your website use and why?
  • Which functionality cookies does your website use and why?
  • Does your website use analytical or performance cookies? If so, why?
  • Does your website use any targeting cookies? If so, why?
  • Do you have a cookie preference centre or other way for users to control cookies deployed on the website? 
  • What is the expiration date of the cookies?
  • What types of data do your cookies collect, and do they collect personal data?
  • Is any data you collect from cookies shared with third parties?

You must use the information from your cookie audit to comply with the relevant legal rules. For example, you must understand how your cookies work to determine how to get consent from users and provide information about them and their purposes.

Under the UK GDPR regime, additional rules apply if your cookies collect personal data from individuals. A cookie audit will help determine whether your cookies could identify individuals. 

You must carry out a cookie audit when launching your website and then review it regularly so that you can account for any changes from time to time.

The data protection regulator has been paying increasing attention to this area, and businesses must prioritise compliance with these rules. 

If you are unsure about the rules regarding using cookies on your website, you should seek specialist legal advice before deploying cookies. You must use cookies in compliance with the law. 

Key Takeaways

It is essential for websites using cookies to undergo a thorough cookie audit. A cookie audit will help you determine the types of cookies the website uses, the purposes for the cookies being deployed and how users can control the use of your website’s cookies. You must conduct a cookie audit to comply with mandatory legal rules under PECR. You may also need to comply with UK GDPR rules if the cookies collect personal data. If you need clarification about the rules that apply to the cookies your website deploys, you should seek expert legal advice.

Sej Lamba
