There absolutely is a cookie law. The UK legislation is "PECR" [1] which sits alongside the GDPR.
> PECR are the Privacy and Electronic Communications Regulations. Their full title is The Privacy and Electronic Communications (EC Directive) Regulations 2003.
> They are derived from European law. They implement European Directive 2002/58/EC, also known as ‘the e-privacy Directive’.
> PECR cover several areas:
> The use of cookies or similar technologies that track information about people accessing a website or other electronic service.
See "How does this fit with the GDPR?" for how the two relate, tl;dr:
> The GDPR does not replace PECR, although it changes the underlying definition of consent. Existing PECR rules continue to apply, but using the new GDPR standard of consent.
> PECR are the Privacy and Electronic Communications Regulations. Their full title is The Privacy and Electronic Communications (EC Directive) Regulations 2003.
> They are derived from European law. They implement European Directive 2002/58/EC, also known as ‘the e-privacy Directive’.
> PECR cover several areas:
> The use of cookies or similar technologies that track information about people accessing a website or other electronic service.
See "How does this fit with the GDPR?" for how the two relate, tl;dr:
> The GDPR does not replace PECR, although it changes the underlying definition of consent. Existing PECR rules continue to apply, but using the new GDPR standard of consent.
[1] https://ico.org.uk/for-organisations/guide-to-pecr/what-are-...