What is the Privacy and Electronic Communications Regulations (PECR)?

What is the Privacy and Electronic Communications Regulations (PECR)?

Cookies are governed by the Privacy and Electronic Communications Regulations (PECR) which sit alongside the Data Protection Act. In recognition of the forthcoming changes, the European Commission has launched a public consultation as part of a process for a revision of the ePrivacy Directive from which the EU cookie laws are derived. 

The PECR do not set out exactly what information you must provide or how to provide it – this is up to you. 

In regulation 6 of the PECR, it is set out that you should:

  • Tell people that the cookies are there
  • Explain what the cookies are doing and why
  • Get the individual’s consent to store a cookie on their device.

Under the PECR, to be valid, consent must be freely given, specific and informed, and must involve some form of positive action. This consent should be unbundled from other information in your website, such as your privacy policy. Consent does not necessarily have to be explicit ‘opt-in’ consent, as implied consent can also be valid, as long as users understand that their actions will result in cookies being set. Consent should be obtained from the subscriber or the user and, in practice, you may not be able to tell who is a subscriber or a user. The key will be that valid consent has been provided by one of them.