United Kingdom

cookielaws  UKsmall United Kingdom

Data Protection Authority

The relevant authority in the UK is the Information Commissioner’s Office (ICO), which is responsible for the enforcement of the Data Protection Act and to uphold the freedom of information.

Guidance

An FAQs page for organisations on cookies by the ICO.

Detailed Guidance Document (PDF) from the ICO on cookies. For the use of cookie banners, page 19 and 20 are particularly relevant, but the document sets out a lot of information about all facets of the cookie provision and is a very insightful read.

Compliance Method: Cookie Banners

The ICO itself recommends cookie banners, which either outright ask for consent or indicate that continuing to browse indicates consent. This banner must also contain a link to a more detailed cookie policy page (for the exact information required, see page 17 of the Guidance Document). The ICO even warns publishers that using a method which explicitly asks users for consent can hamper the user experience if not implemented properly, but does state that it is a good way to ensure cookies are not installed before users have consented.

On the topic of prior consent, the ICO states that in principle cookies should not be dropped before consent is given. It concedes, however, that in reality it is difficult for a website publisher to ensure users are adequately informed for dropping cookies.

“Wherever possible the setting of cookies should be delayed until users have had the opportunity to understand what cookies are being used and make their choice. Where this is not possible at present websites should be able to demonstrate that they are doing as much as possible to reduce the amount of time before the user receives information about cookies and is provided with options.”

With regard to the possibility of using browser settings to provide consent, the ICO explains on it’s FAQ page that currently browsers do not give users the opportunity to accept or refuse cookies by type, and thus the consent given through a browser cannot be specific enough to be meaningful. The ICO states that perhaps in the future it will be possible to use web browser settings to determine consent, but for now it doesn’t consider it possible to use it for consent.

Implementing Legislation

The UK has implemented Article 5 (3) through Privacy and Electronic Communications (EC Directive) Regulations of 2003. Regulation 6, which was amended in 2011 to account for the 2009 amendments in the ePrivacy Directive, provides that cookies may only be placed when the subscriber or user is provided with clear and comprehensive information and has given their consent. Please note that the version linked to does not include the amendment, which changes Regulation 6 (2) (b) to require consent to as opposed to providing a possibility to refuse cookies.

Regulation 6 (3) and (3A) provide that consent only has to be given upon the initial use of a website, and that consent can be indicated by the settings on the web browser of the user. Additionally, the amendments in 2011 created the possibility to consent via the use of settings of a web browser. However, as is explained above, current web browsers are not considered sufficient for giving meaningful consent.

 Table of National Implementations

 

ATsmall

Austria

BEsmall

Belgium

BGsmall

Bulgaria

CHsmall

Switzerland

CYsmall

Cyprus

CZsmall

Czech
Republic

DEsmall

Germany

DKsmall

Denmark

EEsmall

Estonia

ELsmall

Greece

ESsmall

Spain

FIsmall

Finland

FRsmall

France

HRsmall

Croatia

HUsmall

Hungary

IEsmall

Ireland

ITsmall

Italy

LTsmall

Lithuania

LUsmall

Luxembourg

LVsmall

Latvia

MTsmall

Malta

NLsmall

Netherlands

NOsmall

Norway

PLsmall

Poland

PTsmall

Portugal

ROsmall

Romania

SEsmall

Sweden

SIsmall

Slovenia

SKsmal

Slovakia

UKsmall

UK

 

Return to Overview

 

X

Thank you for your interest in our article. We’d love to get in touch with you to find out how you are using our research. If you don’t mind us sending you an email to ask you if the article was helpful, then please enter your email address and download the report.

We promise we won’t spam you!

Login

Become a Member Lost your password?