UK's Privacy and Electronic Communications Regulations(PECR)

Under the PECR, websites cannot use 'non essential' cookies unless the consent of the user is expressly given - ie users must opt-in before such cookies can be used.

Different lawful basis to GDPR:

PECR requirements are separate from, and different to, those of the UK GDPR. Guidance produced by European data protection authorities on how the ePrivacy Directive relates to the UK GDPR clarifies that, if consent is required under the cookie rules:

"the controller cannot rely on the full range of possible lawful grounds provided by article 6 of the UK GDPR".

The simplest way to understand it is that if your cookies require consent under PECR, then you cannot use one of the alternative lawful bases from the GDPR to set them.

Related content:

PECR require to inform people about cookies and also to inform them about the way information is stored on their devices.
Cookies are not referred by name under the PECR, but Regulation 6 states:

(1) A person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph two are met.

(2) The requirements are that the subscriber or user of that terminal equipment:

  1. is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
  2. has given his or her consent.

It means for cookies use you should mention what type of cookies are set, what these cookies will do and obtain consent for storing cookies on devices.

I BUILT MY SITE FOR FREE USING