When Do I Need a Cookie Policy on My Mobile App?

Mobile apps often use cookies for various purposes. As such, mobile apps must comply with strict legal rules around using cookies under the UK’s Privacy and Electronic Communications Regulations (PECR). One of the essential requirements under PECR is to present a cookie policy which explains how the app uses cookies. App owners must understand the legal rules around cookies and the laws which regulate their use. This article will explore when your business needs a cookie policy on your mobile app. 

What Are Cookies?

A cookie is a small text file stored on a user’s device (e.g., computer, phone, or tablet) with various purposes, such as:

• storing login details or preferences; 
• remembering user preferences; and 
• targeting and advertising.

Common types of cookies include:

• essential or strictly necessary cookies;
• performance or analytical cookies; 
• functionality cookies; and 
• targeting or advertising cookies.

Cookies function in various ways on mobile apps. For instance, to remember what items are in a shopper’s cart on a retailer’s mobile app. 

What Is a Mobile App Cookie Policy?

Mobile apps commonly utilise cookies. As such, apps must comply with the legal requirements for using cookies. To comply with PECR, you must inform users about cookies and, in most circumstances, obtain consent to use or decline them. 

Unless exceptions apply, PECR mandates that mobile apps obtain informed consent before storing cookies on users’ devices. It is, therefore, vital to provide a cookie policy accessible to users before the app deploys cookies on their devices. 

GDPR Essentials Factsheet

This factsheet sets out how your business can become GDPR compliant.

Download Now

A cookie policy is a detailed document explaining the types of cookies a business uses and how to manage their preferences regarding cookie usage. 

Apps using cookies should provide users with comprehensive information about cookies in a user-friendly manner, ensuring utmost transparency. Providing clear and comprehensive details about cookies will enable users to understand the types and functions used.

When Do I Need a Cookie Policy on My Mobile App?

If your mobile app uses cookies, you should implement a comprehensive mobile app cookie policy. The UK ICO (the data protection regulator) advises businesses to implement cookie policies as best practice, even for strictly necessary cookies. 

Your mobile app cookie policy should cover essential details, such as:

• The Types of Cookies: you should clearly outline the different types of cookies your app will utilise, including any essential cookies, performance cookies, functionality cookies, and targeting or advertising cookies;
• Purpose of Cookies: You should comprehensively explain the purposes of each type of cookie. For instance, explain how specific cookies may perform functions such as recalling user preferences, enhancing app performance, or delivering personalised advertisements;
• Duration of Cookies: You should state how long cookies will remain on users’ devices. The relevant duration could vary depending on the type of cookie and its purpose. For instance, session cookies may expire when the user closes the app, but persistent cookies may remain on their device for any period;
• Third-Party Access: You should disclose whether third parties, such as analytics providers or advertising networks, will have access to the cookies deployed by your app. It is vital to include clear information about data-sharing practices and usage; and
• Opt-Out Mechanisms: Your cookie policy must explain how users can opt out of using cookies should they choose to do so. This could involve settings within the app to manage cookie preferences or directing users to device settings to control cookie use. 

By disclosing these critical points in your mobile app cookie policy, you can ensure that users are informed about the use of cookies within your app. This can demonstrate complete transparency and allow users to understand how to control cookies when using your app.  

Points to Note

In practice, cookie policies for apps can be challenging to draft. For instance, additional rules would apply where cookies could collect users’ personal data. For example, data privacy laws such as the UK General Data Protection Regulation law rules may apply if cookies can collect users’ personal information. 

Cookies also require a technical analysis to understand which cookies an app deploys so you can provide transparent information about them. If you need support with a cookie policy, you can seek advice from a data protection lawyer to guide you and prepare the policy on your behalf. 

Key Takeaways

If your mobile app uses cookies, you should publish a comprehensive mobile app cookie policy. A mobile app cookie policy is crucial to demonstrate compliance with mandatory legal rules under PECR. 

A mobile app cookie policy should contain a wide range of information, such as details about the types of cookies, their purposes, and their duration. Users must also understand how to opt out of using cookies. You should get legal advice about cookie law rules and how they apply to your mobile applications if you need clarification on your obligations. 

If you need legal advice on complying with cookie law rules, LegalVision’s experienced data, privacy, and IT lawyers can assist you as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers who can answer your questions and draft and review your documents. Call us today at 0808 196 8584 or visit our membership page.