FCA issues compliance reminder for Buy Now Pay Later platforms
Buy Now Pay Later: FCA issues reminder to firms to comply with consumer protection legislationRead more
Cookies are text files that are implanted onto a computer, phone or other ‘terminal equipment’ when a user enters an online service provider’s website.
The cookies collect and store information on the habits of the user for a number of reasons, including to enhance the efficiency of the website, tracking preferences, personalisation of content, tailoring of advertising and providing security.
Cookies are regulated by the UK GDPR, the Data Protection Act 2018 and the Privacy Communications (EC Directive) Regulations 2003 (PECR).
The UK GDPR supplements the PECR regardless of whether the cookies constitute personal data, and both sets of regulations operate to impose two main obligations on online service providers:
Consent is the foundational lawful basis for processing data for cookies under the GDPR, therefore it is vital that your consent mechanism is compliant, or you may face significant penalties from the ICO, particularly where the information collected constitutes personal data.
The consent requirements under article 4(11) UK GDPR apply to cookie consent, meaning that specific, informed, and unambiguous permission must be freely given by a statement or affirmative action.
Stephen Bonner has warned that companies that do not have a ‘reject all’ button on their cookie banners are “breaking the law” and “there is no excuse for that”. Bonner has warned that the ICO is paying close attention to this issue and are ready to issue fines to companies that are not taking serious active steps to compliance.
It is, therefore, important that you comprehensively and frequently review your company’s compliance concerning cookies, as well as its conformity with the UK’s general data protection legislation. The ICO has the power to issue fines of up to £17.5m or 4% of an organisation’s global annual turnover, and so data protection compliance is essential to avoid such enforcement action being taken against your company.
A recent example of enforcement action taken by the ICO against social media platform TikTok can be found in our article: The Information Commissioner’s Office issues £12.7m fine for misusing children’s data | Flint Bishop.
If you have any questions about how your company can ensure its compliance with the UK GDPR or any other data protection and commercial legal issues, our highly experienced Commercial team will be happy to help. Please contact Haroon Younis on 01332 226 466 or fill in the form below to request a no-obligation discussion.
Scroll to next section
Scroll back to the top