P&EC "cookie" Regulations

Business use of cookies installed via websites & mobile devices

Privacy and Electronic Communications (EC Directive) (Amendment) Regulations SI 2011/1208

From 26 May 2011, you must obtain the informed consent of users, visitors and/or subscribers to your website before you install cookies, or other means of storing information, on their terminal equipment or mobile devices.

However, the government and the regulator, the Information Commissioner's Office (ICO), recognise that many businesses may not be able to fully comply until the appropriate technical solutions become available, so no enforcement action will be taken until browser manufacturers introduce appropriate updates. Businesses should consider how they use cookies and create a plan to implement any necessary changes. In particular consider;

  • the type of data files being placed on users' equipment and whether or not they are essential
  • the level of users' privacy protection - if intrusion levels are high, consider changing your use of cookies
  • being clear and up front about your use of cookies in the information you provide to users

More information from Businesslink Detailed policy at the Information Commissioner’s Office (ICO)

Government advice also available at the ICO advice page