Directive 2002/58 on Privacy and Electronic Communications, otherwise known as E-Privacy Directive, is an European Union directive on data protection and privacy in the digital age, which has been recently updated to require informed consent for non-essential cookies.
Many of our clients transact business internationally and have websites that target European users. The European Union’s E-Privacy Directive (the “Directive”), implemented in May 2012, requires that websites obtain informed consent from users prior to storing cookies on a device. The Financial Times recently reported that the Information Commissioner’s Office (ICO) is beginning to crack down on non-compliant companies. If a website is found to be non-compliant, the ICO can issue fines of up to £500,000 ($807,450). Cookies are small data files sent from a website and stored in a user’s web browser while a user is browsing a website, and are commonly used for remembering preferences and tracking user activity. Although the Directive exempts some cookies from the informed consent requirement, most commonly found cookies, such as third-party analytics, personalization and other persistent cookies are not exempt. Generally speaking, if your website uses technology to track users, you need their consent to do so.