26th May 2011 saw alterations made to Regulation 6 of the Privacy and Electronic Communications Regulation 2003 (PECR) which focussed on electronic privacy and in particular the use of website cookies. This resulted in a new EU and UK law being passed. The following is the new addition to Regulation 6:
A person shall not store or gain access to information stored in the terminal equipment of a subscriber or user unless the requirements of paragraph  are met.
The requirements are that the subscriber or user of that terminal equipment:
Is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
Has given his or her consent.
In plain English, the law states those people whose websites set cookies must:
Tell users what the cookies are.
Explain what the cookies are doing.
Obtain the user’s consent to store most (all cookies except one deemed ‘strictly necessary’ require the user’s permission to be used) cookies on their device.
A cookie is a small text file that is put on a user’s computer when they visit and/or do things on a website. Cookies have been around for years and carry data and not code, so are unable to transmit anything dangerous. The main job of a cookie is to remember things – ranging from your favourite font size or what marketing material you are likely to browse, both with different levels of intrusiveness.
Types of Cookies
There are four types of cookies, session, persistent, first-party and third party.
Only remain active whilst visiting the website. Stores the fact that you have logged on to the website. Usually deleted by the web browser and deemed unobtrusive.
Can last for years and are not deleted by the web browser. Are used by Google’s new remarketing service and deemed more intrusive than session cookies as this data is used by third-parties.
Cookies set up by the visiting website. The cookie can only read pages that it was designated to by the creator. Deemed unobtrusive, yet depends on the scale of the website.
Considered more obtrusive. Website ‘A’ is visited by user ‘Bob’. Website ‘B’ has created a cookie to read from ‘A’. The creator of the cookie is untraceable from both websites. The cookie can then be used for marketing and building up a browser history of Bob across all the websites he visits that have this cookie attached to them.
This website uses the following cookies on each page:
To enhance your browsing quality by allowing us to know what pages you visit on this website and others.
We use this information to compile reports on website usage, visitor sources and analyse browser versions.
This website contains a banner on the home page asking you to allow the cookies, in compliance with the new law.