Privacy and Electronic Communications Regulations 2003

The Privacy and Electronic Communications Regulations (PECR) set out rules in a number of areas, including the use of cookies or similar technology to track information about end users of a website or electronic service.

A cookie is a small file which is downloaded on to your computer when you visit websites. Cookies are used by many websites to remember your preferences, record what you have put in your shopping basket, or for gathering statistics like counting the number of people looking at the website.

The use of cookies is probably the main area of significance of PECR for schools, as almost all schools now own a website. Organisations are responsible for providing clear information about the way they use cookies and for ensuring that they give people using their website the right choices.

The Regulations state that cookies or similar devices must not be used unless the visitor to the website:

  • is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
  • has given his or her consent.

They do not specify the sort of information which should be provided, but the text should be sufficiently full and intelligible to allow individuals to understand clearly the potential consequences of allowing storage and access to the information collected by the device, should they choose to do so.

The ICO has published cookies guidance for website owners [new window] . If you are concerned that your school's website is not complying with the law, please initially contact your website provider.

PECR also cover the sending of 'unsolicited' marketing messages. If your school needs further advice on marketing messages, the ICO has released guidance on direct marketing [new window] .