Skip to content

What is a Cookie Banner?

Table of Contents

Many online businesses in our technology-savvy world now use cookies on their websites. 

For example, several online shops use cookies to remember user items in a shopping basket, track behaviour and customise user experiences. However, when using cookies, strict legal rules apply. One of the key rules to follow is to obtain user consent for using cookies. Most businesses address this by using a pop up ‘cookie banner’. This article will explain the background of the legal requirements and what a website cookie banner is. 

A cookie banner is a pop-up that arises when a user goes onto a website. The banner is often referred to as a ‘cookie consent banner’ as it: 

  • tells the user that the website uses cookies; and 
  • requests consent from the user to deploy cookies before they can access the website. 

A cookie banner often gives a website user the choice to accept or reject cookies on a website.

What is a Cookie?

A cookie is a small text file stored on a user’s device, such as their computer, phone or tablet. Cookies can enable businesses to identify individual users and store certain information about them. Cookies are also often used for targeting and advertising purposes, for example, based on the browser history of a website user. 

There are various types of cookies, such as:

  • essential or strictly necessary cookies;
  • performance or analytical cookies;
  • functionality cookies; and
  • targeting or advertising cookies. 

A website could use cookies for:

  • remembering the items in a customer’s cart; 
  • counting the number of visitors to the website; or 
  • personalising content targeted at a user.
Continue reading this article below the form
Need legal advice?
Call 0808 196 8584 for urgent assistance.
Otherwise, complete this form and we will contact you within one business day.

What is the Law Governing Cookies?

The critical law governing the use of cookies is the Privacy and Electronic Communications Regulations (‘PECR’). The PECR sets out various rules for businesses to follow when using cookies. We explain some of these rules in the table below.

RuleExplanation
Notifying UsersUnless an exception applies, you must tell individuals you are using cookies. A cookie policy is a document that provides detailed information about the use of cookies. A cookie policy describes various information about a business’s different types of cookies and how they are used. Often, it allows users to understand how to control and change their preferences around using cookies. 
User ConsentYou must obtain a user’s consent to deploy cookies on their device unless the cookies are essential. For example, cookies may be strictly necessary to make a website work. We explore this further below. 

The UK GDPR and Data Protection Act 2018 also govern cookies to the extent that their use involves the processing of personal data.

There are some points you should consider when using cookie banners. 

1. Consent

When you need consent to deploy cookies under PECR, the user’s consent must be clear, freely given, specific, informed, and unambiguous. As a result, it is vital that your cookie consent mechanism is correct and compliant with PECR. 

You will need to ensure that you can show that a user has given their specific, informed and ambiguous consent for you to deploy cookies on their device. 

You should note that ‘implied’ consent is not compliant with the PECR rules. Users must take an active step to show they consent to the use of cookies. 

2. Displaying the Banner

 A cookie banner should appear when a user first visits a website, to meet these strict requirements. The banner should deal with the consent requirements under PECR and provide information about the website’s cookie policy detailing the specific cookies the website uses. 

Businesses also need to consider how to provide clear and comprehensive information about cookies without confusing or disrupting a user’s experience. In practice, this can be difficult. 

You should note the risks around using techniques such as cookie banners. For example, suppose a user ignores the cookie banner without indicating their consent to using cookies, and you go ahead and deploy non-essential cookies. In this instance, the user would not have provided consent, and you would be in breach of the PECR rules. 

If your business uses non-compliant cookie banners or fails to obtain valid consent for the use of cookies, you will be in breach of the rules under PECR. The Information Commissioner’s Office can impose fines of up to £500,000 for violating the PECR rules. 

Unfortunately, preparing compliant cookie banners can be complicated, and this is an area a lot of businesses struggle with in practice. If you are unsure about how to ensure that your cookies use and preference settings comply with the PECR rules, you should take legal advice from a data protection solicitor.

Front page of publication
GDPR Essentials Factsheet

This factsheet sets out how your business can become GDPR compliant.

Download Now

Key Takeaways

If you are using cookies on your website, you must note the strict legal rules under PECR. You must ensure that your website users take explicit action to consent to non-essential cookies. A cookie banner is a common approach that most businesses with websites take. However, using a cookie banner comes with risk, and you must ensure your consent mechanism is compliant with the PECR rules.

If you need advice on the legal rules around using cookies, our experienced data, privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.

Register for our free webinars

Protecting and Enforcing Your Brand

Online
Protect your brand from misuse and infringement. Register for our free webinar.
Register Now

Deal Structures 101: Understanding Equity, ASAs and Convertible Notes

Online
As a startup founder, understand your capital raising options. Register for our free webinar today.
Register Now

Common Legal Pitfalls for SaaS and Online Businesses

Online
Protect your online or SaaS business from common legal pitfalls. Register for our free webinar.
Register Now

GDPR Compliance Essentials for SMEs

Online
Ensure our business is compliant with GDPR and build trust with customers. Register for our free webinar.
Register Now
See more webinars >
Sej Lamba

Sej Lamba

Read all articles by Sej

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2023 Economic Innovator of the Year Finalist - The Spectator

  • Award

    2023 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2023 Future of Legal Services Innovation - Legal Innovation Awards