5 pillars of drop shipping contracts: Creating security in a fast-growth model
Drop shipping is growing fast. Find out how the right contracts can protect your margins, brand and legal position.
Read More
The Deputy Information Commissioner, Stephen Bonner, sends out a stark warning to companies that fail to have a ‘reject all’ button on their cookie banners, threatening enforcement action for non-compliance.
Commercial & Data Protection|12 July 2023
Insight
Cookies are text files that are implanted onto a computer, phone or other ‘terminal equipment’ when a user enters an online service provider’s website.
The cookies collect and store information on the habits of the user for a number of reasons, including to enhance the efficiency of the website, tracking preferences, personalisation of content, tailoring of advertising and providing security.
Cookies are regulated by the UK GDPR, the Data Protection Act 2018 and the Privacy Communications (EC Directive) Regulations 2003 (PECR).
The UK GDPR supplements the PECR regardless of whether the cookies constitute personal data, and both sets of regulations operate to impose two main obligations on online service providers:
Consent is the foundational lawful basis for processing data for cookies under the GDPR, therefore it is vital that your consent mechanism is compliant, or you may face significant penalties from the ICO, particularly where the information collected constitutes personal data.
The consent requirements under article 4(11) UK GDPR apply to cookie consent, meaning that specific, informed, and unambiguous permission must be freely given by a statement or affirmative action.
The method for obtaining consent for cookies often comes in the form of a ‘cookies banner’, which gives the user the option to accept or reject to the use of cookies on a website.
Stephen Bonner has warned that companies that do not have a ‘reject all’ button on their cookie banners are “breaking the law” and “there is no excuse for that”. Bonner has warned that the ICO is paying close attention to this issue and are ready to issue fines to companies that are not taking serious active steps to compliance.
It is, therefore, important that you comprehensively and frequently review your company’s compliance concerning cookies, as well as its conformity with the UK’s general data protection legislation. The ICO has the power to issue fines of up to £17.5m or 4% of an organisation’s global annual turnover, and so data protection compliance is essential to avoid such enforcement action being taken against your company.
A recent example of enforcement action taken by the ICO against social media platform TikTok can be found in our article: The Information Commissioner’s Office issues £12.7m fine for misusing children’s data | Flint Bishop.
Contact Us
If you have any questions about how your company can ensure its compliance with the UK GDPR or any other data protection and commercial legal issues, our highly experienced Commercial team will be happy to help. Please contact Haroon Younis on 01332 226 466 or fill in the form below to request a no-obligation discussion.
Related Services
Knowledge
Drop shipping is growing fast. Find out how the right contracts can protect your margins, brand and legal position.
Read MoreLearn about fiduciary duties, commission disclosure, and legal compliance after the Expert Tooling v Engie ruling.
Read MoreLearn how Rukhadze v Recovery Partners reinforces strict fiduciary duties and what it means for your business and governance.
Read MoreThe ICO and CMA's joint statement outlines new AI in finance regulations, focusing on data protection, competition, and consumer safeguards.
Read MoreA decade of progress – but the fight against modern slavery isn’t over, we highlight how businesses can meet stricter transparency rules.
Read MoreNavigate AI regulations in financial services. Key insights from the FCA & ICO on compliance, data protection, and innovation.
Read MoreExplore how to create an AI usage policy that mitigates risks and ensures responsible adoption for your business.
Read MoreEffective data safety and optimisation are key to business success, reducing risks and improving efficiency in a digital world.
Read MoreLandmark EU court ruling awards damages for unlawful data transfer. Learn what this means for GDPR compliance and safeguarding your business.
Read MoreProtect your SME from data breaches. Discover key tips for GDPR compliance and data security during Data Protection Week.
Read MoreBoost profitability with well-negotiated commercial contracts—learn essential terms to protect and grow your business.
Read MoreDiscover the key changes introduced by the Data (Use and Access) Bill and how organisations must adapt to meet compliance requirements.
Read MoreScroll to next section
Scroll back to the top
On Monday 29 September, Flint Bishop successfully completed the acquisition of the entire business of Lupton Fawcett LLP. You have been forwarded to the page most relevant to your visit.
Please feel free to explore our website and learn more about our legal services and professionals, including those who have recently joined us from Lupton Fawcett.