about whether implied or express consent is required under the E-Privacy Directive or any of the member state laws governing cookies. As a result, some European websites have added a pop-up statement specific to cookies and requesting expressed consent or an “opt-in” from the user. In June 2012, European data protection authorities (as part of the Article 29 Working Party, composed of representatives of the DPA’s, the European Data Protection Supervisor, and the European commission) issued an opinion clarifying that consent might not be required in cases where cookies were only used to track user input when completing a shopping cart online (also known as session-id cookies) and that first party analytics were not likely to create a privacy risk if the website provided clear information about the cookies and their use with an easy opportunity to opt-out by the user. [See Article 29 Data Protection Working Party Opinion 04/2012 on Cookie Consent Exemption 00879/12/ EN (adopted June 7, 2012)]. Each EU member state can, however, enact its own cookie law and there has been some variation in the consent requirements required. For example, in some countries, consent can be obtained via browser settings while others may require the express consent for use of cookies. There has been lax enforcement of these cookie restrictions and some have criticized these efforts as misguided and of little value to data privacy. The E-Privacy Regulation. Similar to the replacement of the EU Data Directive with the GDPR, the proposed E-Privacy Regulation (otherwise known as the cookie law) is planned to replace the E-Privacy Directive. Currently being drafted and revised, the E-Privacy Regulation will update and provide protections on cookie settings and direct marketing communications. The E-Privacy Regulation originally was intended to come into effect on May 25, 2018, together with the GDPR, but has still not been adopted.
156
Made with FlippingBook - Online Brochure Maker