The Gibraltar Regulatory Authority, as the Information Commissioner, has today published a Guidance Note which aims to provide organisations with information and guidance on the use of cookies, including the rules for setting cookies, and how to ensure compliance with these rules. 

A statement from the Gibraltar Regulatory Authority follows below:

Cookies are small alphanumeric text files that are processed, stored, and later retrieved  by a web browser. Whilst they are essential for providing several necessary website  functions, cookies are also a tool used by advertisers to provide insight into online  behaviour and track user activity to deliver highly personalised adverts to its users. 

While the Communications (Personal Data and Privacy) Regulations 2006 establish the rules on how cookies (and other tracking technologies)  should be used, it is important to note that the Privacy Regs complement data  protection legislation, namely, the Gibraltar General Data Protection Regulation and Data Protection Act 2004. In this regard, data  protection legislation defines certain expressions and terms referred to in the Privacy  Regs, for example, the meaning of ‘consent’. The Gibraltar GDPR also includes cookies  within its definition of personal data. Therefore, when setting cookies, compliance with  the Privacy Regs should principally be considered alongside the Gibraltar GDPR, and  where relevant, the DPA.  

Whilst the Privacy Regs do not prohibit the use of cookies, they require that individuals  be informed about their use and given a choice as to whether they want to have non essential cookies (i.e., cookies that do not fall under any of the exemptions provided  in Regulation 5(4) of the Privacy Regs), stored on their devices. The purpose of these  rules is to protect individuals from having information placed on their devices, or  accessed on their devices, without their consent, as this could constitute a severe  privacy intrusion and interfere with the confidentiality of their online interactions. The Guidance Note sets out the key points that organisations should consider when setting  cookies, in order to comply with the relevant legislation.  

This Guidance Note is intended to serve as a reference document, to be consulted as  and when necessary, alongside relevant legislation. Organisations are responsible for  assessing compliance, and for introducing reasonable and appropriate measures, as  applicable. 

The Guidance Note is available to download from the GRA’s website:  https://www.gra.gi/data-protection/guidance. 

For further information, please contact the GRA on +350 20074636 or email:  [email protected].