All websites must obtain user consent for the use of all cookies, as well as providing clear and comprehensive information about the cookies used. The Information Commissioner has the power to impose fines of up to £500,000 for breaches.
Websites invariably collect ‘personal data’, as defined in the Data Protection Act 1998 (DPA). The DPA defines personal data as ‘data that relate to a living individual who can be identified (a) from those data or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual’.
The Information Commissioner has published detailed guidance of what constitutes ‘personal data’, which clarifies the kinds of information that can constitute personal data and which shows that personal data may be wider than imagined, for example it need not include a person’s name. Website owners will be ‘data controllers’ under the DPA and must comply with those provisions of the DPA pertaining to data controllers. These include the obligation to ensure that personal data is kept secure, that is kept up to date, that it is kept no longer than is necessary and that it is processed fairly. The obligation to process personal data fairly is a generally applicable requirement; it is not confined to direct marketing…
If you are registered and logged in to the site, click on the link below to read the rest of the Walker Morris briefing. If not, please register or sign in with your details below.