- what cookies you set on your website;
- what those cookies are used for;
- whether you share information obtained through your cookie use with third parties; and
- how individuals can withdraw their consent to your use of non-essential cookies, and whether there are any consequences of them doing so (eg if withdrawing consent to a particular cookie will affect the way your website works).
The information should be provided in plain language and you should steer clear of overly complex terminology. The ICO has advised that if you decide to include detailed lists of all of the cookies you use on your site, it may also help to provide a high-level summary about the different types of cookies used and how they operate.
How to get consent
Pre-ticked boxes or ‘on’ sliders are not compliant with the consent requirements.
Remember that you do not need to get the consent of users if the cookies you are using are strictly necessary in order for you to provide a service that they have requested. However, even in these cases, the ICO recommends that you still provide clear information to your website users about your use of all cookies.
When to get consent
Bear in mind that there may be circumstances in which you will need your website users to provide new consent to cookies (eg if you are setting new non-essential cookies, which their previous consent did not cover).
Who to get consent from
Consent to cookies is required from either the person paying for the device (called the ‘subscriber’) or the person who is using it, but not both. From a practical point of view, you may not always be able to tell who is providing the consent, so you must ensure that someone has provided valid consent. Generally speaking, if a user or subscriber has previously consented, but then the current user of the device objects, best practice is to rely on the most recent indication.
Before joining Sparqa Legal as a Senior Legal Editor in 2017, Frankie spent five years training and practising as a corporate disputes and investigations lawyer at leading international law firm Hogan Lovells. As legal insights lead, Frankie regularly contributes to Sparqa Legal’s blog, writing content across employment law, data protection, disputes and more.