Cookies are files or pieces of information that may be stored on your computer (or other internet enabled devices, such as a smartphone or tablet) when you visit a Unilever Site. A cookie will usually contain the name of the website from which the cookie has come from, the "lifetime" of the cookie (i.e. how long it will remain on your device), and a value, which is usually a randomly generated unique number.
Our guidance includes additional information about implied consent:
Confidentiality of communications and spyware
It should be remembered that the intention behind this Regulation is also to reflect concerns about the use of covert surveillance mechanisms online. Here, we are not referring to the collection of data in the context of conducting legitimate business online but the fact that so-called spyware can enter a terminal without the knowledge of the subscriber or user to gain access to information, store information or trace the activities of the user and that such activities often have a criminal purpose behind them.
Responsibility for providing the information and obtaining consent
The Regulations do not define who should be responsible for providing the information and obtaining consent. Where a person operates an online service and any use of a cookie type device will be for their purposes only, it is clear that that person will be responsible for complying with this Regulation.
Exemptions from the right to refuse a cookie
The Regulations specify that service providers should not have to provide the information and obtain consent where that device is to be used:
In defining an 'information society service' the Electronic Commerce (EC Directive) Regulations 2002 refer to 'any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service'.
The term 'strictly necessary' means that such storage of or access to information should be essential, rather than reasonably necessary, for this exemption to apply. However, it will also be restricted to what is essential to provide the service requested by the user, rather than what might be essential for any other uses the service provider might wish to make of that data. It will also include what is required to comply with any other legislation the service provider might be subject to, for example, the security requirements of the seventh data protection principle.
Where the use of a cookie type device is deemed 'important' rather than 'strictly necessary', those collecting the information are still obliged to provide information about the device to the potential service recipient and obtain consent.