GRA Issues Guidence On Cookies
The Gibraltar Regulatory Authority, as the Information Commissioner, has today published a Guidance Note which aims to provide organisations with information and guidance on the use of cookies, including the rules for setting cookies, and how to ensure compliance with these rules.
A statement from the Gibraltar Regulatory Authority follows below:
Cookies are small alphanumeric text files that are processed, stored, and later retrieved by a web browser. Whilst they are essential for providing several necessary website functions, cookies are also a tool used by advertisers to provide insight into online behaviour and track user activity to deliver highly personalised adverts to its users.
While the Communications (Personal Data and Privacy) Regulations 2006 establish the rules on how cookies (and other tracking technologies) should be used, it is important to note that the Privacy Regs complement data protection legislation, namely, the Gibraltar General Data Protection Regulation and Data Protection Act 2004. In this regard, data protection legislation defines certain expressions and terms referred to in the Privacy Regs, for example, the meaning of ‘consent’. The Gibraltar GDPR also includes cookies within its definition of personal data. Therefore, when setting cookies, compliance with the Privacy Regs should principally be considered alongside the Gibraltar GDPR, and where relevant, the DPA.
Whilst the Privacy Regs do not prohibit the use of cookies, they require that individuals be informed about their use and given a choice as to whether they want to have non essential cookies (i.e., cookies that do not fall under any of the exemptions provided in Regulation 5(4) of the Privacy Regs), stored on their devices. The purpose of these rules is to protect individuals from having information placed on their devices, or accessed on their devices, without their consent, as this could constitute a severe privacy intrusion and interfere with the confidentiality of their online interactions. The Guidance Note sets out the key points that organisations should consider when setting cookies, in order to comply with the relevant legislation.
This Guidance Note is intended to serve as a reference document, to be consulted as and when necessary, alongside relevant legislation. Organisations are responsible for assessing compliance, and for introducing reasonable and appropriate measures, as applicable.
The Guidance Note is available to download from the GRA’s website: https://www.gra.gi/data-protection/guidance.
For further information, please contact the GRA on +350 20074636 or email: This email address is being protected from spambots. You need JavaScript enabled to view it..