The Privacy and Electronic Communications Regulations ("PECR") sit alongside the Data Protection Act and the UK GDPR. They give people specific privacy rights in relation to electronic communications, including cookies and similar technologies.

A cookie is a small text file that is downloaded onto a device such as a computer or smartphone when the user of that device accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions.

Unless an exemption applies, PECR requires those using cookies to follow three basic rules:

  • say that cookies will be used;
  • explain what those cookies will do and why; and
  • obtain prior consent from each user to the use of cookies.

PECR sets out two exemptions to these rules: the communications exemption and the strictly necessary exemption. In short this means the rules do not apply to cookies that are only used to transmit a communication or that are required to make the website in question function.

For more information, please see our guide below which examines the most recent guidance on cookies from three supervisory authorities in the United Kingdom, Ireland and France. (July 2021)