Skip to main content Skip to navigation


Changes to the Privacy and Electronic Communications Regulations - Cookies

We wish to inform you of the recent changes to the Privacy and Electronic Communications (EC Directive) Regulations affecting websites and to request that you take action to ensure the compliance of your Department’s and affiliated sites.

The amendments to the Privacy and Electronic Communications (EC Directive) Regulations in May 2011 seek to make it easier for visitors to web sites to understand what kind of information about them is being created and stored as a result of their visit. In particular, some of this information is stored on the visitor's own computer, in the form of small text files called cookies. The new legislation requires web site providers to make it easy for visitors to understand what cookies are created by the web site and for what purpose, to agree to this, and, in some circumstances, to be able to opt out of receiving such cookies. Therefore, there are three steps that web site providers at Warwick should be taking:

  1. Make sure that you know and can list all the cookies which your web site creates. This may include cookies which are essential for the functioning of the site (eg. cookies to record the fact that the user is currently signed in), minor preference cookies (eg. text size) or cookies for analytics or tracking purposes. If you embed third party content such as YouTube videos, Facebook 'Like' buttons, etc. then viewing or clicking on this content may also cause the third party site to set cookies, and you should record this too, though you are not responsible for providing opt-out or other services relating to third party cookies - that's the third party's job.
  2. Once you have such a list of cookies and their purpose, you should publish it on your web site, and make it easy for visitors to your site to find the list. Our recommended format at the moment is to have a link entitled simply 'Cookies' which you put on every page of your site in whatever site-wide navigation you have - header, footer, side-bar, etc. For a short time after the introduction of this link, you might choose to make it more prominent than it will eventually be in the longer term.
  3. There is a third step which will depend on how intensive your use of cookies is; asking the user to explicitly agree to their use, and/or giving users a mechanism to opt out of their use. At the moment, our understanding is that for essential cookies such as for keeping a user signed in or remembering the contents of their shopping basket, and minor preference cookies such as a preference for text size or colours, implied consent will probably be sufficient. So listing cookies and ensuing users can easily find the list will suffice; it is not essential to ask the user to explicitly agree to their use. If your web site sets cookies relating to advertising, especially advertising which takes place across multiple web sites, not just your own, then explicit consent may become more important.

If your only web presence is delivered through SiteBuilder, the University's web publishing tool, then in almost all cases, you need take no action. Your pages already have a link labelled 'Cookies' in their footer, and information about the cookies which are used by SiteBuilder generally is available by clicking on that link. The only exception might be if you have written your own code which sets additional cookies specific to your pages, or you embed content from an unusual third party (e.g. not Facebook, Twitter, YouTube, Google in your pages). The vast majority of SiteBuilder users don't do either of those things, and therefore need take no action.

Further Guidance

Further detailed guidance is available here as a download (Guidance on the Privacy and Electronic Communications (EC Directive) Regulations v 1.1(PDF Document)) and the Legal Services team is able to offer support on wording of privacy policies ( Requests for technical advice and assistance should be raised via the IT Services Helpdesk ( or ext 73737)