The phrase “this website uses cookies” is one that most internet users are acquainted with. Cookies have been around for a while, but some website users and operators are still unsure what they are and how they are governed by data protection and privacy laws.
The EU recently simplified the situation by issuing thorough guidelines in 2009, stating that all EU member states should allow EU citizens to refuse the usage of cookies in order to preserve their online privacy. At the very least, website providers must now give an opt-in service when it comes to tracking cookies. In a recent judgment, the European Court of Justice confirmed that user consent must be sought before the cookies can be set up.
EU Cookie: What They Mean and How They Impact?
The European Union adopted its ‘Directive on Privacy and Electronic Communications’ in 2002, with additional cookie-related amendments enacted in 2009. Despite criticism for its structure and difficulty of interpretation, the EU set a deadline of May 2011 for all member states to adopt their regulation.
The EU directive, dubbed simply “The Cookie Law,” acknowledges the necessity of cookies in order to create the personalized online universe we enjoy today, but also makes clear that cookies may constitute an invasion of privacy and that users deserve the right to be informed about the presence and use of cookies.
Certain cookies that are deemed “strictly necessary for the provision of a service requested by the user” are exempt from disclosure because they benefit the user significantly more than the enterprise. This includes cookies used to track shopping carts in e-commerce and to save the user’s vital login information.
In the EU, website operators must obtain the user’s permission before using the majority of cookies. This includes any cookies that do not fit the aforementioned condition of being “essential.” This means that advertising cookies used for retargeting, analysis, and social media are now subject to user consent.
However, the primary concern many businesses have with these EU laws is that the recommendations do not specify how they should be applied. There is ambiguity around acquiring authorization from site visitors.
Germany is considering enacting a new law in 2020 which will consolidate data-related laws. However, just a proposal for the law has been developed as of yet. This information is subject to change.
The bill does include an intriguing point about cookies: the draft indicates that cookies that are not required to operate a website should be automatically rejected. This eliminates the need for users to accept or reject cookie declarations each time they visit a website.