Cookies are files stored on a computer’s browser by websites which can be used for various purposes, often related to marketing or advertising.
Such consent must be:
given through a clear affirmative action, such as clicking an opt-in box or choosing settings or preferences on a settings menu. Simply visiting a website doesn’t count as consent.
given freely and genuinely
It must be as easy to withdraw consent as it is to give it. This means that if you want to tell people to block cookies if they don’t give their consent, you must make them accept cookies first. You must also give people the option to change their mind, i.e. by providing an opt-out option. This is especially important if you wish to implement the 'soft opt-in' option.
Privacy and Electronic Communications Regulations
Under the PECR, websites cannot use 'non essential' cookies unless the consent of the user is expressly given - in other words, users must first opt-in before such cookies can be deployed.
Non-essential cookies are those which are used for analytical purposes or to assist with advertising. Even cookies which customise a website (such as providing a greeting message) are deemed to be non essential.
Essential cookies are generally those which enable an online checkout process to work properly - or if required for technical or security purposes.
Failure to comply with the Cookie Law can lead to fines of up to £500,000. There are also smaller penalties, such as being sent an information notice or an enforcement notice.