The Future for EU and UK Laws on Cookies after ‘Brexit’

I know you read this to get away from the dreaded B-word, but we can’t avoid the fact that leaving the European Union will impact almost every aspect of our lives, including online marketing. My thoughts turned immediately to EU legislation, and if there were any implications there. For example, EU rules have required all of us to put those ‘cookie consent’ messages on our websites, even if only a small number of sites have bothered. Will everything suddenly change now?

The answer, of course, is no. Lies were told by both sides in the EU referendum campaign, and the one which said that ‘most of our laws come from Brussels’ was just an example. The truth is that they never have done. The ‘cookie consent law’ came from an EU directive, but to become law, it had to be part of UK regulations (something called PECR if you want to read more), passed by our own government. UK laws remain UK laws, whether we’re in the EU or not.

Of course, any laws like these might be amended or repealed in the future, but anyone who thinks this sort of thing will happen in the next few years is deluded. It’s hardly ‘bad law’, after all, even if like so much to do with technology, it always needs updating.

Indeed, something significant is going to happen before any ‘Brexit’ is finalised, and that’s the EU General Data Protection Regulation (GDPR). This one is an EU-wide law, and will be in force in two years’ time. It will take over the legal requirements for cookies and similar technologies, and will be stricter in some cases.

As Richard Beaumont of Optanon writes, “Under the GDPR, any cookie or other identifier, uniquely attributed to a device and therefore capable of identifying an individual, or treating them as unique even without identifying them, is personal data. This will certainly cover almost all advertising/targeting cookies; lots of web analytics cookies; and quite a few functional services like survey and chat tools that record user IDs in cookies.”

He continues: “Cookies will need to become much more clearly opt-in, or at the very least soft opt-in, so that landing on a site for the first time cookies have to be blocked until the user takes some action that they are clear will result in cookies being set.”

I would join Richard in predicting that the result will be barriers on most business websites which say: “You must check this box and agree to the use of cookies before we show you anything”. You can read his excellent background article on the subject now. I recommend it.

Leave a Reply

Your email address will not be published. Required fields are marked *