Cookie Policy
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to “remember” your actions or preferences over time. Most browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like.
The Cookie Law is a piece of privacy legislation that requires websites to get consent from visitors to store or retrieve any information on a computer, smartphone or tablet. It was designed to protect online privacy, by making consumers aware of how information about them is collected and used online, and give them a choice to allow it or not.
It started as an EU Directive that was adopted by all EU countries in May 2011. The Directive gave individuals rights to refuse the use of cookies that reduce their online privacy. Each country then updated its own laws to comply. In the UK this meant an update to the Privacy and Electronic Communications Regulations.
Websites mainly use cookies to:
• identify users.
• remember users’ custom preferences.
• help users complete tasks without having to re‑enter information when browsing from one page to another or when visiting the site later.
Cookies can also be used for online behavioural target advertising and to show adverts relevant to something that the user searched for in the past.
How are they used?
The web server supplying the webpage can store a cookie on the user’s computer or mobile device. An external web server that manages files included or referenced in the webpage is also able to store cookies. All these cookies are called http header cookies. Another way of storing cookies is through JavaScript code contained or referenced in that page.
Each time the user requests a new page, the web server can receive the values of the cookies it previously set and return the page with content relating to these values. Similarly, JavaScript code is able to read a cookie belonging to its domain and perform an action accordingly.
What are the different types of cookies?
A cookie can be classified by its lifespan and the domain to which it belongs. By lifespan, a cookie is either a:
• session cookie which is erased when the user closes the browser or
• persistent cookie which remains on the user’s computer/device for a pre-defined period of time.
As for the domain to which it belongs, there are either:
• first-party cookies which are set by the web server of the visited page and share the same domain.
• third-party cookies stored by a different domain to the visited page’s domain. This can happen when the webpage references a file, such as JavaScript, located outside its domain.
EU legislation on cookies
EUROPA websites must follow the Commission’s guidelines on privacy and data protection and inform users that cookies are not being used to gather information unnecessarily.
The ePrivacy directive – more specifically Article 5(3) – requires prior informed consent for storage or for access to information stored on a user’s terminal equipment. In other words, you must ask users if they agree to most cookies and similar technologies (e.g. web beacons, Flash cookies, etc.) before the site starts to use them.
For consent to be valid, it must be informed, specific, freely given and must constitute a real indication of the individual’s wishes.
However, some cookies are exempt from this requirement. Consent is not required if the cookie is:
• used for the sole purpose of carrying out the transmission of a communication, and
• strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service.
Cookies clearly exempt from consent according to the EU advisory body on data protection- WP29 include:
• user‑input cookies (session-id) such as first‑party cookies to keep track of the user’s input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases
• authentication cookies, to identify the user once he has logged in, for the duration of a session
• user‑centric security cookies, used to detect authentication abuses, for a limited persistent duration
• multimedia content player cookies, used to store technical data to play back video or audio content, for the duration of a session
• load‑balancing cookies, for the duration of session
• user‑interface customisation cookies such as language or font preferences, for the duration of a session (or slightly longer)
• third‑party social plug‑in content‑sharing cookies, for logged‑in members of a social network.
.