The EU Cookie Law (ePrivacy Directive)

By Shreya

Published on 11th Dec 2019

Cookies are small text files that a website stores on a visitor's computer. The website or a third party places cookies for various purposes. The cookies monitor user activity on the site and deliver personalized content.

Some cookies are necessary for a website to function properly. Hence, they are called strictly necessary cookies. Other types of cookies collect user data and record online user behavior. They are mostly known as tracking cookies, and they are often third-party cookies. These are the ones that raise privacy concerns among the users because the monitoring and data collection often happen without the user’s knowledge.

Read more about how cookies track here.

This article focuses on the clause that gave the ePrivacy Directive its title "EU Cookie Law."

The ePrivacy Directive (ePD), introduced in 2002 and later amended in 2009, is an EU directive on data protection and privacy. It contains a specific clause concerning cookies, which is why the Directive came to be known as the EU Cookie Law. It gave the EU member states a framework to make their own laws to implement the Directive. All EU member states have since adopted the Directive (in 2011) and implemented their own laws.

The Cookie Law's key takeaway is prior consent for using cookies. It mandates that websites must obtain user consent before placing any cookie on the user's device. The law exempts strictly necessary cookies from this. The Directive acknowledges that cookies are a useful technology; however, they can also affect user privacy. It mandates that a website must:

  • Provide clear and precise information about the cookies (including strictly necessary ones) and their purpose when users visit a website.
  • Get prior consent from users to store the cookies on their device.
  • Make available an option for users to deny consent to use the cookies.
  • Make the means of providing cookie information, opt-out option, and requesting consent as user-friendly as possible.
  • Allow access to website content that may not use the cookies denied by the user.

To comply with the EU cookie law, a website owner must:

  • Review all the cookies the website uses and be aware of their purpose.
  • Implement a cookie banner to notify users about the usage of cookies on the site.
  • Include a cookie policy, or add a cookie clause to the privacy policy, that states all the necessary information about the cookies as required by the law.
  • Ask for prior consent from users.
  • Give an opt-out option in the banner/cookie policy for using cookies.
  • Provide a link to the website policy on the cookie banner where users can manage their consent.

In 2017, the EU proposed a regulation known as the ePrivacy Regulation (ePR), which will soon repeal the ePD. Unlike the Directive, it will become a mandatory law across all member states once it comes into effect. The final draft is expected to address some concerns regarding cookie consent.

CookieYes offers cloud-based cookie consent solutions for your website. You can choose between various consent types and implement a cookie banner that complies with both the cookie law and GDPR. Read this article to know more about it.

Disclaimer: The purpose of this article is to share general information only. Therefore, for any legal help with compliance, please contact a lawyer specialized in the area.


Shreya is a Content Writer for Mozilor Technologies. She writes about data protection laws and cookies (not the eating type). In her free time (or any time), she enjoys listening to music and reading fiction.
