The UK's data protection supervisory authority, the Information Commissioner's Office (ICO), published guidance to provide greater clarity to organisations grappling with how the General Data Protection Regulation (GDPR) applies to cookies and similar technologies The Cookie Law is a piece of privacy legislation that requires websites to obtain explicit consent from visitors to store or retrieve any information on a computer, smartphone or tablet.
What legislation do I need to follow?
Website owners have a legal compliance obligation under GDPR Articles 5, 7, 12, 30, PECR Regulation 6 and CCPA section 1798.135.
What should I do now?
1) All website owners must look at what Cookies they have on their website. This will allow them to list the cookies by name, detail down what they do and place them into categories for a consent management system.
2) Once the cookies have been identified, add a consent management tool to your website which will allow users of the site to control what types of cookies they accept when they visit your site, i.e., end users should be able to see the list of cookie categories set up in step 1, and decide on a category-by-category basis which ones they wish to accept.