The law on cookies changed in the UK in May 2011. The new law states that websites must get consent from visitors to store or retrieve any information on a computer or other web-connected device. This includes cookies and similar technologies used for tracking and targeted advertising.
The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights. The ICO says that consent must be “freely given, specific and informed”. In other words, visitors must be told about the cookies and what they are used for, and they must have the opportunity to say no.
The ICO has published guidance on how to get consent for cookies. This includes using “clear and concise” language and making sure that consents are not bundled up with other terms and conditions. The new law does not apply to cookies that are strictly necessary for the operation of a website. These are typically used to remember choices made by a user, such as whether they are logged in, or what language they prefer.
If you are not sure whether the cookies on your website need consent, you can contact the ICO for advice.