Websites, cookies and data protection

Many online business owners ask me about the significance of “cookies”. They question the need for a Cookies Policy for their website. If you are one of them, the following might provide some assistance.

Cookies are text files which contain information that can be very useful. For instance, a website operator can “implant” when that user visits a particular website on the user’s tablet, smartphone or pc. 

Most websites, web and mobile applications use cookies to recognise a particular user’s device. They store information about their previous website/platform visits. This allows personalised content (by tracking the user’s preferences), more effectively tailored online behavioural advertising or a more efficiently functioning website.

Did you know there are different types of cookies? 

The different types of cookie are:

  • session
  • persistent
  • first party
  • third party

Luckily, this article will not go into the specific details of all those.

The important part is that cookies may link to an individual. They become subject to data protection legislation when combined with other information, such as the user’s name, postal or email address (held by the online provider). Even a user’s web browsing history could constitute personal data.

Consequently, online providers are required to provide “clear and comprehensive information about the purposes of the storage of, or access to, the information”. The most common example of this is a policy accessible through the website footer, which should include an “acceptance” banner. Where the information collected constitutes personal data, a request for consent under the data protection legislation must include a number of components.

Am I compliant with data protection legislation?

There are some basic checks you should undertake as a starting point, to check that you are compliant with data protection legislation. You should consult with an IT savvy person, if necessary: 

  • Identify which and what type of cookies are operating on your website
  • Ascertain the purpose of each cookie and how crucial they are for your business or the functional performance of the website
  • Ascertain whether any personal data is being processed
  • Use a Cookies Policy for your website and implement an acceptance banner to obtain users’ consent to cookies. Ideally, enable the users to manage preferences
  • Keep a record of all consents
  • Ensure that a user can easily disable cookies

If you are a business owner and require assistance in connection with your website and data protection, please do not hesitate to contact me.

Further reading:

E-commerce Essentials 

Online platforms - promoting fairness and transparency




The contents of this article are intended for general information purposes only and shall not be deemed to be, or constitute legal advice. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of this article.