1. Introduction

A prominent UK technology news website has released an updated Cookie Policy, effective from 4 June 2025, aimed at clarifying how cookies and similar technologies are used on its platform. The policy applies to all visitors from the United Kingdom and outlines the roles of both first-party and third-party cookies, including those placed by advertising and analytics partners. The update comes amid growing regulatory scrutiny over data privacy and consent management, as the Information Commissioner's Office (ICO) continues to enforce stringent rules under the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR).

2. What Are Cookies and How Are They Used?

Cookies are small text files stored on a user's device by a web browser. They are widely used to remember preferences, track user behaviour, and enable website functionality. The website explains that cookies can be categorised into several types: technical or functional cookies, statistics cookies, advertising cookies, and marketing/tracking cookies. Functional cookies are essential for the operation of the site—such as remembering login status or shopping cart contents—and do not require user consent. However, for all other categories, the site now requests explicit permission via a consent pop-up.

The policy also introduces scripts and web beacons. Scripts are pieces of code that enable interactive features and proper functioning, while web beacons (or pixel tags) are invisible images used to monitor traffic and user engagement. These technologies, combined with cookies, allow the website to deliver personalised advertising, analyse visitor behaviour, and improve user experience.

3. Detailed Breakdown of Cookie Categories

The updated policy provides a granular breakdown of the cookies in use. Technical or functional cookies include those from Cloudflare (e.g., __cf_bm for bot filtering), PHP session cookies, Complianz for consent management, WordPress for user preferences, and Stripe for payment fraud prevention. Statistics cookies, such as those from Google Analytics (_ga, _gid) and Hotjar (_hjSession, _hjSessionUser), help the site understand page views, session duration, and user journeys. These require user consent before activation.

Advertising and marketing cookies are the most privacy-intrusive. Criteo, Facebook, Twitter (now X), LinkedIn, Google Ads, and Google Ads Optimization all set cookies for retargeting, ad delivery, and conversion tracking. For example, Facebook’s _fbp cookie tracks visits across websites, while Criteo’s cto_bundle provides cross-page functions for remarketing. The policy notes that many of these third-party services are based in the United States and may transfer data internationally, which users should consider when giving consent.

Social media integration is another key area. Embedded content from Facebook, LinkedIn, and X (formerly Twitter) can place cookies even when users do not interact with the sharing buttons. These cookies may store browsing habits and create profiles for personalised advertising. The policy advises users to review the privacy statements of these platforms for complete transparency.

4. Consent Mechanism and User Control

The website uses a Consent Management Platform (CMP) provided by Complianz to handle user preferences. Upon first visit, a pop-up explains the categories and asks users to select which types of cookies they allow. Consent is stored persistently via cookies like cmplz_consented_services and cmplz_marketing, which have a 365-day expiration. Users can change their preferences at any time by clicking a ‘manage consent’ button, though the policy notes that the AMP version requires an alternative approach due to JavaScript limitations.

For vendors participating in the Transparency and Consent Framework (TCF), the policy outlines legitimate interest purposes. Users have the right to object to such processing. The policy also details special features and purposes, such as profiling and cross-device tracking, which require explicit consent. The vendor list includes prominent ad-tech companies, and users can view each partner's privacy policy and legitimate interest claim.

5. User Rights Under UK Data Protection Law

In line with the UK GDPR, the website guarantees several rights to its users. These include the right to know why personal data is collected, how long it is retained, and the right to access any data held. Users can request rectification or deletion of their personal information, and they may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal. The right to data portability is also granted, meaning users can obtain their data in a machine-readable format and transfer it to another controller.

The policy encourages users to contact the website’s data team with any requests or complaints. If a satisfactory resolution is not reached, users can escalate the matter to the ICO, the UK's independent data protection authority. Contact details provided include a physical address in London, an email address (mydata@ex.comwearemvi.com), and a phone number (0208 150 8286). The website also states that the Cookie Policy has been synchronised with cookiedatabase.org, a public resource for cookie transparency, as of 13 May 2026.

6. Enabling, Disabling, and Deleting Cookies

Users can control cookie placement through their browser settings. Most modern browsers allow users to block all cookies, accept only first-party cookies, or delete cookies after each session. However, the policy warns that disabling all cookies may prevent certain parts of the website from functioning correctly—for example, login features or persistent shopping carts may be broken. If a user deletes cookies, they will need to provide consent again on their next visit.

For those who prefer not to rely on browser settings alone, the website’s CMP provides a more granular approach. The list of placed cookies in the policy is exhaustive, covering over 80 individual cookies from services such as Snowplow, Elementor, One Signal, and Google reCAPTCHA. Each cookie is described with its name, expiration period, and function, giving users full transparency into what data is collected and why.

7. Implications for Publishers and Advertisers

The update reflects broader industry trends toward user-centric privacy. With the ICO increasingly active in enforcing cookie consent rules, publishers are moving away from implied consent and towards explicit, informed opt-ins. The policy’s inclusion of a TCF vendor list and legitimate interest objections is a clear indication of compliance with the latest regulatory expectations. For advertisers, this means that targeting and retargeting campaigns will need to rely on first-party data and contextual signals rather than indiscriminate third-party tracking.

The use of multiple analytics and marketing tools also highlights the complexity of modern web ecosystems. The website integrates Google Analytics for pageview counting, Hotjar for heatmaps, Snowplow for custom event tracking, and HubSpot for marketing automation. Each tool requires separate consent categories, and the CMP must manage overlapping permissions. This layered approach is becoming standard practice for large publishers seeking to balance monetisation with user rights.

8. Contact and Further Information

The website has made it easy for users to exercise their rights or ask questions. The contact form is available on the site, and the dedicated data protection team can be reached via the email and phone listed. The policy also notes that the document was last updated on 4 June 2025 and will be reviewed periodically to reflect changes in law or technology. Users are encouraged to revisit the page for updates.

In summary, this comprehensive Cookie Policy overhaul demonstrates a commitment to transparency and legal compliance. By providing detailed information about each cookie, obtaining granular consent, and enabling users to exercise their rights, the website sets a benchmark for data privacy practices in the UK digital publishing sector. The policy not only meets the requirements of UK GDPR and PECR but also aligns with global best practices, preparing the site for future regulatory developments such as the proposed Data Protection and Digital Information Bill.

Source: UKTN News