The Cookie law (also known as the EU Cookie Directive) is a privacy law that obliges web sites obtain the visitors’ consent for storing or retrieving information on computers, smartphones or tablets.

The Cookie law was intended for the protection of online privacy by bringing the issues revolving around cookies to the attention of consumers. In particular, it strived to show how their information is collected and used on-line and to empower them to choose whether they agree to such information being collected, stored and transmitted or not.

The Cookie law started off as an EU Directive adopted by all European Member States in May 2011 and subsequently transposed into Member State legislation. All websites hosted within the EU or targeting EU citizens are, following the transposition of this Directive, expected to comply with the law.

What are Cookies?

The preponderance of websites use cookies (small text files that allow the storage of virtually everything the author of the site wants to store in relation to a visitor) for retaining information on user preferences. Other technologies, like Flash and HTML5 Local Storage, which do the same thing as cookies are also covered by this legislation.

Some cookies collect data on websites, creating behavioural profiles of people. These profiles, together with IP addresses, are then used to decide what content and which ads show to a specific user on the site. Requiring the consent of website visitors to the use of such profiles gives users themselves more control over their online privacy.

Compliance with the EU Cookie Directive

Internet site owners who do not conform to EU Cookie Directive as transposed into their national law can face fines.

To comply with the EU Cookie Directive, it would be sufficient to keep the following points in mind:

  • work out what cookies your site sets, and what they are used for after running a cookie audit;
  • tell your visitors how you use cookies;
  • obtain their consent, such as by using Optanon; and
  • give them control.

There are 4 types of cookies, namely:

  • Essential cookies;
  • Non-Essential but harmless cookies;
  • Fairly Intrusive cookies; and
  • Very Intrusive cookies.

Everything except for the essential cookies fall under the remit of the EU Cookie Directive. Essential cookies are defined as those cookies that are required for the site to function. Moreover, the law does not distinguish between cookies used for analysis activities and those used for other purposes.

The Information Commissioner acknowledges that many websites, at present, set cookies as soon as the user accesses the website and that this makes it difficult to obtain consent before the cookie is set.

For the time being, website owners should be able to prove that they are doing everything possible to reduce the interlude of time between when the users access the website and when they receive information about cookies and are given the choice of opting in or out, even though for the time being no sure-fire solutions for doing so exist.

Equinox Advisory provides its clients with assistance in ICT law and regulation. Please contact us on here for assistance.