What is PECR and how is it different from GDPR?

PECR = Privacy and Electronic Communications Regulations 2003, the UK implementation of the EU ePrivacy Directive. It governs cookies, direct marketing, and electronic communications. UK GDPR governs the broader personal-data processing. For cookies, PECR is the primary rule (consent required for non-essential cookies); UK GDPR defines what consent means.

Does PECR still apply post-Brexit?

Yes. PECR is UK regulation independent of EU membership. The UK government is consulting on PECR replacement (the Data Protection and Digital Information Bill went through several drafts), but as of 2026 PECR remains in force.

The Information Commissioner's Office (ICO). ICO has been one of the most active cookie regulators in Europe, with regularly-updated guidance and visible enforcement actions. Worth aligning with current ICO guidance rather than just the bare PECR text.

Home / Cookie Policy / PECR Cookie Policy Generator

PECR Cookie Policy Generator

A cookie policy that satisfies the Privacy and Electronic Communications Regulations 2003 and UK GDPR — with ICO consent guidance baked in.

Generate my UK cookie policy → Free preview · No signup · 2 minutes

PECR Reg. 6 + UK GDPR Art. 7 consent properly combined
Current ICO guidance reflected (dark patterns, equal-prominence)
Names specific cookies + third parties as ICO expects

PECR (Privacy and Electronic Communications Regulations 2003) is the UK's ePrivacy implementation. It applies to cookies, direct marketing, and electronic communications independently of UK GDPR. For cookies specifically, PECR Reg. 6 requires consent for storage / access of non-essential cookies, with consent defined by reference to UK GDPR Art. 7. The ICO has been one of the most active cookie regulators in Europe — guidance is regularly updated and enforcement is real. This page generates a cookie policy aligned with current ICO guidance plus the underlying PECR + UK GDPR framework.

What PECR + UK GDPR requires

Disclosures grounded in the actual statutory text.

PECR Regulation 6 consent

Storage of information, or access to information already stored, in a user's device requires (a) clear and comprehensive information about the purposes, and (b) consent to the storage / access. Strictly necessary cookies for delivering the service requested are exempt.

UK GDPR Art. 7 consent standard

Consent must be freely given, specific, informed, unambiguous, and as easy to withdraw as to give. UK GDPR's standard is identical to EU GDPR — pre-ticked boxes invalid, equal-prominence accept / reject required.

ICO guidance on banner UX

ICO has been clear: nag walls, manipulative design, "Accept All" without "Reject All" equally accessible are non-compliant. Updated guidance in 2023 specifically called out dark patterns.

Specific cookies + third parties named

Per ICO and EDPB guidance, specific cookies should be named with their duration and recipient. "Analytics providers" without naming is insufficient.

Withdrawal mechanism

Persistent re-open mechanism so the user can withdraw consent as easily as they gave it. ICO has enforced on missing withdrawal paths.

Common mistakes

Where PECR + UK GDPR templates usually go wrong.

PECR or UK GDPR but not both

Templates often cite only one. Both apply to UK cookies — PECR for the consent requirement, UK GDPR for the standard.
"Accept All" prominent, "Reject All" hidden

Direct violation of ICO dark-pattern guidance. ICO issued warning letters to UK newspaper sites for this pattern.
No ICO complaint reference

UK users should know they can complain to the ICO (alongside ePrivacy / GDPR enforcement). Often skipped in EU-derived templates.

Ready to generate your PECR + UK GDPR cookie policy?

A 2-minute wizard with the PECR + UK GDPR jurisdiction pre-selected. Free preview shows the first three sections — pay $2 only if you want to unlock the full document.

Generate my UK cookie policy →

FAQ