My understanding is that cookies (or any other tracking tools) are only covered under GDPR if they are collecting personal data. Otherwise they are covered by PECR which isn't changing at this time and I think this is why there's been no additional guidance issued. So unfortunately it very much depends on what cookies you're using and what they do. Re persistent cookie notice - a large number of folk include a clear link to the detailed cookie advice in their footer so that it's always available - which I see RSC already does. If your cookies are feeding back IP addresses to a tool you use, you'd likely need to combine it with other data in order to be able to take a guess at who the person is. IP addresses might be classified as a pseudonymous if you have other data sources that combine it with in order to identify someone but it totally depends what systems you're using and what else is being collected through that system. On 3 April 2018 at 17:33, Tony Crockford <[log in to unmask]> wrote:
-- Dee Ishani 07740 356873 [log in to unmask] twitter: stripysocksrock skype: nadine.ishani linkedin: https://uk.linkedin.com/in/nadineishani **************************************************************** website: http://museumscomputergroup.org.uk/ Twitter: http://www.twitter.com/ukmcg Facebook: http://www.facebook.com/museumscomputergroup [un]subscribe: http://museumscomputergroup.org.uk/email-list/ **************************************************************** |