What information needs to be provided about cookies?

What information needs to be provided about cookies?

The information provided by websites about the cookies they use and would like to place on users devices varies from none to lenghty documents that you need a law degree to understand.  The ePrivacy Directive is clear on this point, that the information provided about cookies needs to be ‘Clear and Comprehensive information’.

To quote the guidance provided by the UK Information Commissioner Office (ICO):

What does ‘clear and comprehensive information’ mean?

PECR does not define what ‘clear and comprehensive information’ means. However, Article 5(3) of the ePrivacy Directive says that clear and comprehensive information should be provided ‘in accordance with’ data protection law.

This relates to the GDPR’s transparency requirements and the right to be informed. It means that when you set cookies you must provide the same kind of information to users and subscribers as you would do when processing their personal data (and, in some cases, your use of cookies will involve the processing of personal data anyway).

The information has to cover:

  • the cookies you intend to use; and
  • the purposes for which you intend to use them.

These requirements also apply to cookies set by any third parties whose technologies your online service incorporates – this would include cookies, pixels and web beacons, JavaScript and any other means of storing or accessing information on the device including those from other services such as online advertising networks or social media platforms.

The Recitals of the ePrivacy Directive further clarify that:

  • you must make users aware of the cookies being placed on their devices; and
  • your methods of providing this information, and the capability for users to refuse, are to be as user-friendly as possible.

Whilst providing information about cookies equates to the transparency requirements of data protection law, levels of user understanding will differ. If you use cookies you will need to make a particular effort to explain their activities in a way that all people will understand.

Long tables or detailed lists of all the cookies operating on the site may be the type of information that your users will want to consider. Some sites might use tens or even hundreds of cookies and therefore it may also be helpful to provide a broader explanation of the way cookies operate and the categories of cookies in use. For example, a description of the types of things you use analytics cookies for on the site will be more likely to satisfy the requirements than simply listing all the cookies you use with basic references to their function.

CookieScan automatically categorises the identified cookies found on the website into:

  • Necessary
  • Preference
  • Marketing
  • Statistic
  • Unclassified

CookieScan also provides the site user with an option to view all the cookies in each category and gives clear and comprehensive infromation on each, outlining the lenght of time the cookie will be on the device, the provider of the cookie and the purpose of the cookie.

This gives the user sufficient information for them to make an informed decision before giving their explicit consent for the cookie to be set on their device.

CookieScan is your complete cookie management solution and will show your website visitors you are serious about protecting their data and you are being totally transparent about what data you would like to collect.

Ensure your website is PECR and ePrivacy compliant

Create a FREE CookieScan account today and start managing your cookie consent.

Get Started