Skip to main content
CLOSE

Charities

Close

Corporate and Commercial

Close

Employment and Immigration

Close

Fraud and Investigations

Close

Individuals

Close

Litigation

Close

Planning, Infrastructure and Regeneration

Close

Public Law

Close

Real Estate

Close

Restructuring and Insolvency

Close

Energy

Close

Entrepreneurs

Close

Private Wealth

Close

Real Estate

Close

Tech and Innovation

Close

Transport and Infrastructure

Close
Home / News and Insights / News / The way the cookie crumbles: tracking cookies under GDPR

GDPR is everywhere at the moment but we wanted to share an often forgotten area that will be heavily impacted – cookie tracking and online advertising.

Cookies allow businesses to track web visitors’ activities and movements and use this information to market directly to the individual.

However, cookies which can identify an individual or device are classified as personal data under GDPR and the ePrivacy Regulation, and from 25 May, companies will therefore need to have a legal basis for processing this data.

If consent is the legal basis for processing the data, you must obtain clear and voluntary consent for every activity (i.e. both tracking the individual and using the data). Crucially, soft opt-in consent (i.e. the ‘by using this site, you accept cookies’ messages that pop up on websites) is not sufficient, and users must be given the opportunity to withdraw their consent easily.

In a recent survey by PageFair, 81% of respondents confirmed that they would not consent to having their behaviour tracked by companies other than the website they are visiting. This will have the most impact on ad tech companies and advertisers who currently use third-party cookies and who will be most at risk if individuals consider that their consent should not be provided for these activities.

To become compliant companies have two choices – either stop gathering the relevant cookies, or find a lawful ground to collect and process that data. For most companies, that lawful ground will be the consent of the individual. With consent so much harder to get under GDPR, perhaps an alternative could be for software companies to devise progressive new software that will enable companies to continue to market to individuals, but without the need to collect the user data. It will certainly be interesting to keep an eye on how software develops in this area in the near future.

Related Articles

Our Offices

London
One Bartholomew Close
London
EC1A 7BL

Cambridge
50/60 Station Road
Cambridge
CB1 2JH

Reading
The Anchorage, 34 Bridge Street
Reading RG1 2LU

Southampton
Grosvenor House, Grosvenor Square
Southampton SO15 2BE

 

Reading
The Anchorage, 34 Bridge Street
Reading RG1 2LU

Southampton
Grosvenor House, Grosvenor Square
Southampton SO15 2BE

  • Lexcel
  • CYBER ESSENTIALS PLUS

© BDB Pitmans 2024. One Bartholomew Close, London EC1A 7BL - T +44 (0)345 222 9222

Our Services

Charities chevron
Corporate and Commercial chevron
Employment and Immigration chevron
Fraud and Investigations chevron
Individuals chevron
Litigation chevron
Planning, Infrastructure and Regeneration chevron
Public Law chevron
Real Estate chevron
Restructuring and Insolvency chevron

Sectors and Groups

Private Wealth chevron
Real Estate chevron
Transport and Infrastructure chevron