Ascensor Blog - Cracking the cookie code: navigating UK laws for legal professionals

Cookies play a pivotal role in enhancing user experience and enabling personalised browsing on your firm’s website.

But their use is governed by stringent laws to protect users’ privacy rights, and it’s absolutely vital that site owners understand them better.

Here we’re going to help you understand UK cookie laws, delineating what cookies are, their types, how they apply in the UK and the penalties associated with breaching these laws.

What are web cookies?

Cookies are small text files that are stored on a user’s device when they visit a website. They help websites remember information about the visitor’s activity, such as login details, language preference or items in a shopping cart.

What data do cookies collect?

There are several information points that website owners may want to collect through cookies. These include:

  • Browsing history
  • IP address
  • Links clicked
  • Location
  • Number of visits
  • Pages viewed
  • Personal data
  • Preferences
  • Session duration
  • Shopping activity

What are the different types of cookies?

These are the eight main types of internet cookies that you need to know about:

1. Advertising cookies – These cookies, also known as ‘marketing’ cookies, enable advertisers to target users based on their behaviour and provide remarketing opportunities.

2. Flash cookies – Also called ‘super cookies,’ these cookies can operate independently on the user’s computer, even when the web browser is closed.

3. Necessary cookies – These cookies, also known as ‘strictly necessary’ cookies, are essential for proper website functionality (they do not track personal data).

4. Permanent cookies – Also referred to as ‘persistent’ cookies, these cookies continue to collect data even after the web browser is closed.

5. Preference cookies – Designed as ‘memory’ cookies, they remember the user’s preferred choices while navigating a website.

6. Session cookies – Also known as ‘temporary’ cookies, these cookies track a user’s journey through the website during the current session.

7. Statistic cookies – Also called ‘performance’ or ‘analytics’ cookies, they collect information about user interaction with a website to gain better insights into user journeys.

8. Zombie cookies – The ultimate persistent cookies that can be recreated even after a user has deleted and cleared all their cookies.

The UK law on cookies

The rules on cookies in the UK are covered by the Privacy and Electronic Communications Regulations 2003 (PECR).

Post-Brexit, the UK no longer conforms to the EU cookie law or GDPR unless a business uses EU individuals’ personal data for offering goods and services.

Under PECR, websites must obtain informed consent from visitors before setting cookies, except for cookies strictly necessary for providing an online service at the user’s request.

Penalties for non-compliance

Breaching cookie laws can result in significant penalties, including fines and reputational damage. The Information Commissioner’s Office (ICO), the UK’s independent authority set up to uphold information rights, has the power to impose fines of up to £500,000 for serious breaches of the PECR.

The ICO warned in June 2023 that organisations whose top-level cookie banners do not include a “reject all” button will face an “intervention”.

The importance of cookie banners

Cookie banners serve as a clear, concise, and visible notice that a website uses cookies. They inform visitors about the types of cookies used and their purposes, and seek their consent before setting non-essential cookies.

A well-designed cookie banner should also include a “reject all” button, giving visitors the option to decline non-essential cookies.

If you’re operating in the UK, it’s best to give users the choice between accepting and rejecting all cookies, alongside controls to customise their choices.

The importance of obtaining ‘consent’

It is really important that a user grants their consent before you store any non-essential cookie on their device.

This requires the user to perform a “positive action”, such as clicking a button, to allow cookies to be saved on their device.

In the UK, you are not allowed to block access to a website or app purely because a user has withheld their consent to non-essential cookies.

Similarly, you cannot use “passive consent” such as displaying a message stating “By continuing to use this website, you consent to us using cookies”.

Many sites use third-party cookie management tools both to provide the cookie management capability and to ensure compliance.

Each has its own way to display cookie preference options.

You could opt for a very simple cookie consent pop-up with the option to just “accept” or “decline” all cookies.

There’s also the option of a moderately simple consent banner that allows visitors to specify their preference for different types of cookies, such as functional cookies, performance (analytics) cookies and marketing (retargeting) cookies.

Some sites display a cookie banner with options pre-ticked, and the user only has to click a button that confirms all of the options.

This is not allowed under the legislation, but is still sadly commonplace.

Balancing compliance with user experience

Legal professionals can respect UK cookie laws while ensuring a smooth user experience by implementing clear and concise cookie banners, providing easy-to-understand information about cookies and offering users control over their cookie preferences.

For instance, a compliant cookie banner could clearly state: “We use cookies to improve your browsing experience and analyse site traffic. By clicking ‘Accept All’, you consent to our use of cookies. However, you may visit ‘Cookie Settings’ to provide controlled consent.”

Do I need to have a cookie policy page on my website?

Any website that collects the data of a user visiting the site must have a cookie policy. This can either be a dedicated page, or it can form part of your privacy policy. If your website does not use cookies, a cookie policy is not required.

Engender client trust and avoid potential penalties

Understanding and adhering to UK cookie laws is vital for legal professionals to avoid penalties and maintain trust with their potential clients.

By providing clear information about cookies and gaining informed consent, legal professionals can ensure they uphold users’ privacy rights while enhancing their digital experiences.

Ascensor are an award-winning digital agency based in Leeds that can help you unlock the potential of your website.

Get advice on how to craft a conversion-focused online presence and actionable strategies to turn legal leads into clients. We’ve got a proven track record of helping legal practices get more from their digital assets.

Get in touch with the Ascensor team to discover how we can help your firm grow.