How did the EU directive for data protection and confidentiality of electronic communication come to be known as the “EU Cookie Law”? We will cover the part of the law that gave it this name and how to make your website comply with it.

What is a Cookie?

Cookies are small text files that a website stores on a visitor’s computer. The website or a third party places cookies for various purposes. The cookies monitor user activity on the site and deliver personalized content.

Some cookies are necessary for a website to function properly. Hence, they are called strictly necessary cookies. Other types of cookies collect user data and record online user behavior. They are mostly known as tracking cookies, and they are often third-party cookies. These are the ones that raise privacy concerns among the users because the monitoring and personal data collection often happen without the user’s knowledge.


What is the EU Cookie Law?

The ePrivacy Directive (ePD), introduced in 2002 and later amended in 2009, is an EU directive on data protection and privacy. It contains a specific clause concerning cookies, which is why the Directive came to be known as the EU Cookie Law. It gave the EU member states a framework to make their own laws to implement the Directive. All EU member states adopted the Directive in 2011 and implemented their own laws.

The Cookie Law’s key takeaway is prior consent for using cookies. It mandates that websites obtain user consent before placing any cookie on the user’s device. The law exempts strictly necessary cookies from this. The Directive acknowledges that cookies are a useful technology; however, they can also affect user privacy. It mandates that a website must:

  • Provide clear and precise information about the cookies (including strictly necessary ones) and their purpose when users visit a website.
  • Get prior consent from users to store the cookies on their device.
  • Make available an option for users to deny consent to use the cookies.
  • Make the means of providing cookie information, opt-out option, and requesting consent as user-friendly as possible.
  • Allow access to website content that may not use the cookies denied by the user.

The EU’s General Data Protection Regulation (GDPR) is similar to the ePrivacy Directive. However, they have some differences.

How to Comply with the Cookie Law?

To comply with the EU cookie law, a website owner must:

  • Review all the cookies the website uses and be aware of their purpose.
  • Implement a cookie banner to notify users about the usage of cookies on the site.
  • Include a cookie policy, or add a cookie clause to the privacy policy, that states all the necessary information about the cookies required per the law.
  • Ask for prior consent from users.
  • Give an opt-out option in the banner/cookie policy for using cookies.
  • Provide a link to the website policy on the cookie banner where users can manage their consent.

In 2017, the EU proposed a regulation known as the ePrivacy Regulation (ePR), which will soon repeal the ePD. Unlike the Directive, it will become a mandatory law across all member states once it comes into effect. The final draft is expected to address some concerns regarding cookie consent.

Update: The new, and most likely final, draft of the ePrivacy Regulation entered into negotiations on February 10, 2021. The effective date remains unknown.

CookieYes offers cloud-based cookie consent solutions for your website. You can choose between various consent types and implement a cookie banner that complies with both the EU cookie law and GDPR.


Disclaimer: The purpose of this article is to share general information only. Therefore, for any legal help with compliance, please contact a lawyer specialized in the area.
