What is the cookie consent law?
The European cookie consent law, the ePrivacy Directive, is an integral part of the European Union Data Privacy Framework. This is part of the effort to secure the online privacy of EU Citizens and you should ensure that you utilize a compliant cookie consent banner for your website.
The law was issued in 2002 from the EU and amended in 2009. This law affects a user’s experience of managing cookies and tracking technologies.
The origin of the Cookie Law
This law was created to enforce and secure the privacy rights of individuals by protecting their personal data. The EU Charter of Fundamental Rights (Article 8), stated that,
“Everyone has the right to the protection of personal data”, and that “such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned”.
Further, it explained that “everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.”
Let’s be a bit clearer, the EU cookie law is the ePrivacy Directive, passed to protect the privacy of EU citizens. This provides guidelines regarding the privacy of EU citizens in relation to electronic communications as part of the wider EU efforts to establish a cohesive framework.
Purpose and agenda of EU cookie law
It can be taken as a user defence against the World Wide Web of online tracking, personal profiling, unsolicited marketing tactics and non-consensual harvesting of data by third parties.
Protection of user privacy is the primary objective of this law. As the Directive reads, “the right to private life, the confidentiality of communications and the protection of personal data in the electronic communications sector”.
Europe has been declared as a leading tech watchdog in the whole world, by the New York Times.
It is as a result of EU cookie consent law and the General Data Protection Regulation (GDPR).
What is the meaning of cookie consent law under GDPR?
The cookie consent law under the General Data Protection Regulation (GDPR)relates to how other people are dealing with your digital data, what actions they can take with or without your consent. It also states the purpose of and the actual ways that your data can be used.
The EU cookie consent law vs GDPR
Do not confuse these two legislations, the EU cookie law and the General Data Protection Regulation (GDPR). They are separate laws, however, GDPR has an impact on how certain parts of the ePrivacy Directive should be interpreted.
The EU cookie consent law / ePrivacy Directive
The ePrivacy Directive is an old legal act, issued in 2002 and amended in 2009. It deals with cookies, data retention and unsolicited e-mailing. Remember, it is not a regulation but a directive and will be implemented differently in the 28 member states of the EU.
The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a new regulation, which came into force in the European Union in May 2018. The scope of GDPR is more significant than the previous ePrivacy Directive. Its primary focus is data protection (covering all forms of personal data) and how companies and organisations are playing their part in securing transparency and registering user consent.
It is incredible to realize that the GDPR has flagged up the word “Cookie” only once.
How to comply with the EU cookie law
With a lot of rules, directives, regulations and mostly with different types of cookies, it gets complicated.
Being a website owner, you need to keep the following key points in mind with respect to cookies:
- All the cookies and trackers operating on your site must be explained in plain and understandable language. So that your users can easily make an informed choice of consent or revoke it according to his/ her preferences.
- On your website, you can disable cookies and trackers until you receive clear and explicit consent by a user on every cookie and tracker.
- User must not feel any sort of pressure while providing consent, it ought to be given freely. For instance, you should not make a user give necessary consent in order to avail services from your website.
- Being a responsible website service provider, it depends on how you tackle and protect data from a third-party. You must have a clear idea which third-party trackers your website might harbour and what they relate to such as video plugins or social media services.
- You must implement a GDPR compliant cookie consent banner on your website.
Frequently Asked Questions (FAQs)
Q. Is cookie consent required?
Fundamentally, the cookie consent law requires every user to provide prior informed consent before a single tracking file gets stored on his or her computer. This clarifies that you, as a website owner, must show details on how and why you are using cookies. Your visitors must have an opportunity to withdraw and refuse consent at any time.
Q. Does the US have cookie law?
Yes, the US requires companies that transact business in California to comply with the California Consumer Privacy Act (CCPA) and all affected websites should implement a CCPA compliant cookie consent banner. Moreover, if US companies transact business in the EU then they are obliged to comply with the GDPR and its requirements for consent.
Q. What are the expectations for cookie consent under GDPR?
The General Data Protection Regulation (GDPR) and ePrivacy Directive deal with how you, a site owner should obtain and store cookie consents for all EU visitors to your website.
Q. What are the requirements of the EU cookie law?
The EU parliament declared it necessary for every state within the European Union to follow the cookie law. Under this law, you have to obtain informed consent prior to storing or retrieving information on any user’s device.
Q. What is consent?
Under cookie law, consent is defined as “any freely given specific and informed indication of his/ her wishes”. In this statement, “informed” indicates that a site must show its users what type of cookies they use and also inform users of its purpose.
Q. What is a compliant cookie consent banner?
A compliant cookie consent banner must:
- provide the ability to obtain clear, prior and explicit consent
- provide the ability to scan a website periodically and identify all the different types of cookies
- enable users to set preferences for the different types of cookies
- provide a consent log
Seers provides a market-leading cookie consent banner that encompasses all the above features and more!