Skip to main content Skip to navigation


The Privacy and Electronic Communications (EC Directive) Regulations (PECR) regulate the use of cookies on the University's websites.

PECR makes it easier for visitors to websites to understand what kind of information about them is being created and stored as a result of their visit. In particular, some of this information is stored on the visitor's own computer, in the form of small text files called cookies.

PECR requires website providers to make it easy for visitors to understand what cookies are created by the website and for what purpose, to agree to this, and in some circumstances, to be able to opt-out of receiving such cookies.

In creating a new website, we must:

  1. Make sure that we know and can list all the cookies which the website creates. This may include cookies which are essential for the functioning of the site (e.g. cookies to record the fact that the user is currently signed-in), minor preference cookies (e.g. text size), or cookies for analytics or tracking purposes. If we embed third party content such as YouTube videos, Facebook 'Like' buttons, etc. then viewing or clicking on this content may also cause the third party site to set cookies, and we should record this too, though we are not responsible for providing opt-out or other services relating to third party cookies - that's the third party's responsibility.
  2. Once we have such a list of cookies and their purposes, we should publish it on the website, and make it easy for visitors to find the list. Our recommended format is to have a link entitled simply 'Cookies' on every page of the site in whatever site-wide navigation has been selected e.g. header, footer, side-bar, etc..
  3. It may be necessary to ask the user to explicitly agree to the use of cookies, and to give them a mechanism to opt-out of their use.

If the website is delivered through SiteBuilder, the University's web publishing tool, then in almost all cases, these requirements will be automatically satisfied. This may not be the case if the page includes bespoke code which sets additional cookies specific to the pages, or if content is embedded from an unusual third party.

The ICO has published guidance on the use of cookies.