Table of Contents
Almost all websites use cookies in today’s digital world. Cookies serve various purposes, from helping sites run more efficiently to enhancing user experiences and analysing consumer behaviour. However, website owners should note that strict privacy law rules regulate cookies. To comply with these rules, businesses must understand what cookies they use and why. This article will explore what a cookie audit is and why it is essential for businesses using cookies to carry out.
What Are Cookies?
A cookie is a small text file typically stored on a user’s computer, phone or tablet. Cookies can have a variety of purposes. For example, cookies can:
- store information about a user’s login details or preferences on an online shop;
- remember a user’s preferences; and
- be deployed for targeting and advertising purposes.
Different types of cookies include:
- essential or strictly necessary cookies;
- performance or analytical cookies;
- functionality cookies; and
- targeting or advertising cookies.
What is the Law Governing Cookies?
The key law governing the use of cookies is the Privacy and Electronic Communications Regulations (‘PECR’), which sets rules around using electronic communications and cookies. Cookies are also regulated by the UK General Data Protection Regulation and Data Protection Act 2018 if the use of cookies involves processing personal data.
Let us explore some of the key rules under PECR concerning cookies applying to most businesses.
1. Cookie Consent
Under the PECR, you must tell individuals that you are using cookies and obtain their consent to use various types of cookies. Note that exceptions apply when cookies are strictly necessary for a website to work.
2. Cookie Policy
You must provide clear and comprehensive information about your use of cookies. Businesses often use a cookie policy document to provide this.
Continue reading this article below the formCall 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.
What is a Cookie Audit?
For the reasons mentioned above, businesses must conduct a comprehensive cookie audit. This is because understanding which cookies your website uses is vital to comply with the rules under the PECR.
As part of the audit, you must understand exactly which cookies your website uses and how they work.
This can be a technical and time-consuming exercise, so it is sensible to involve website developers or technical experts to assist with this process. You could also seek to use cookie audit tools offered by suppliers.
Key questions to ask during the audit are:
- Which strictly necessary cookies does your website use and why?
- Which functionality cookies does your website use and why?
- Does your website use analytical or performance cookies? If so, why?
- Does your website use any targeting cookies? If so, why?
- Do you have a cookie preference centre or other way for users to control cookies deployed on the website?
- What is the expiration date of the cookies?
- What types of data do your cookies collect, and do they collect personal data?
- Is any data you collect from cookies shared with third parties?
Why Are Cookie Audits Important?
You must use the information from your cookie audit to comply with the relevant legal rules. For example, you must understand how your cookies work to determine how to get consent from users and provide information about them and their purposes.
Under the UK GDPR regime, additional rules apply if your cookies collect personal data from individuals. A cookie audit will help determine whether your cookies could identify individuals.
You must carry out cookie audits when launching your website and then regularly review them so that you can consider any changes from time to time.
The data protection regulator has been paying increasing attention to this area, and businesses must prioritise compliance with these rules.
If you are unsure about the rules regarding using cookies on your website, you should seek specialist legal advice before deploying cookies. You must use cookies in compliance with the law.
This Website Privacy Notice states how a business will deal with the personal information of its users.
Key Takeaways
It is essential for websites using cookies to undergo a thorough cookie audit. A cookie audit will help you determine the types of cookies the website uses, the purposes for the cookies being deployed and how users can control the use of your website’s cookies. You must conduct a cookie audit to comply with mandatory legal rules under PECR. You may also need to comply with UK GDPR rules if the cookies collect personal data. If you need clarification about the rules that apply to the cookies your website deploys, you should seek expert legal advice.
If you need advice on the legal rules around using cookies, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
We appreciate your feedback – your submission has been successfully received.