Blog details

Websites required to obtain consent for all non-essential cookies

Websites required to obtain consent for all non-essential cookies

The Article 29 working group, a group of 27 EU national data protection and privacy authorities, has adopted an opinion on cookie consent exemption as described in the e-Privacy Directive. More in an article by Aphaia”s guest blogger Jure Merčun after the jump.

According to the e-Privacy Directive, informed consent is required for all cookies which are not “used for the sole purpose of carrying out the transmission of a communication over an electronic communication network” or are not “strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service”.

A cookie is a small text file that a website can store in a user’s web browser in order to retain information between visits. Cookies can be used to store data for a variety of reasons, which may or may not be beneficiary to the user. They were originally used to mostly store login information, language preferences etc., but have since been used for many Php Aide other applications, including the tracking of atoledo.com a user’s behaviour online, usually for the purposes of behavioural advertising. 


As little room as possible for interpretation

The e-Privacy Directive requires websites to obtain explicit consent from users to be allowed to store cookies on their computer, except for specific cases online casino where it is deemed essential for the basic operation of the website.

The newly adopted Opinion 04/2012 on Cookie Consent Exemption has been published with the specific intention of leaving as little room as possible open to interpretation of what an “essential” cookie is. As such, cookies that merely “assist, speed up or regulate the transmission” still require consent. Only when a functionality explicitly requested by the user would not be available were cookies disabled altogether, is the website allowed to store a cookie without consent.

Even with the above exemption, cookies with several characteristics, such as persistent cookies (cookies which are not deleted at the end of a session), and multi-purpose and third party cookies (not intended for the website, but instead for other services such as advertisements) are still required to seek consent.


Tricky enforcement

The effectiveness of the proposed restrictions will be difficult to measure, however.

The enforcement of cookie exemption will be tricky, as cookie usage has become extremely widespread. In addition, there are also other alternatives to “regular” cookies being used, for example flash cookies, which appear to be similar to other cookies, but in fact employ a different approach.

Without a reason for website owners  to cooperate, the adopted Article 29 opinion could therefore potentially remain just a good theoretical idea.  

Prev post
Aphaia at the Post and Electronic Communications Agency of the Republic of Slovenia
June 26, 2012
Next post
ACTA: a timeline
July 11, 2012

Leave a Comment