UK and EU – Cookie rules to become the ‘law of everything’?

Greg Palmer and Ceyhun Necati Pehlivan of Linklaters analyse the proposed changes to cookie provisions in the UK’s new Data (Use and Access) Bill, and the approach taken recently by the EDPB.

Helen Dixon, the former Irish Data Protection Commissioner famously described the GDPR as the “law of everything”. The broad scope of the concepts of “processing” and “personal data” means almost everything any business does is subject to the GDPR.

Recent developments risk a similarly expansive application of the cookie rules. The UK’s Data (Use and Access) Bill will extend these rules to information automatically emitted by terminal equipment. The European Data Protection Board’s (EDPB) cookie guidelines take a similarly broad-brush approach.

This expansion is problematic. The analogue principles in the GDPR apply flexibly according to the sensitivity of the personal data; but the cookie rules take a blunt and binary approach. Either the use-case falls within a narrowly defined exception, or GDPR-standard consent is needed.

Continue Reading

UK Report subscribers, please login to access the full article

LOGIN

If you wish to subscribe, please see our subscription information.

Subscribe