Using Cookies on the World Wide Web? U.S. Companies Should Pay Heed to Changing EU Law
Web “cookies” are crucial to the convenience of the Internet. These small data files store passwords and user preferences and track users’ Internet movement, allowing for targeted and affiliate marketing. Cookies reflect the tension between ease-of-use and privacy found in online commerce. In the United States and under the prior law of the European Union, users can “opt out” of receiving cookies, usually by adjusting their browser settings.
The EU approved the Privacy and Electronic Communications Directive in 2009, making it effective May 26, 2011. Under the directive, web sites must get clear, informed and “explicit consent” by notifying visitors each time a new cookie is placed, unless that cookie is “strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested.” What does this exception mean? Web site operators and online advertisers have been awaiting clarification and the United Kingdom’s Information Commissioner’s Office (ICO) attempted to provide it earlier this week with a ten-page published guidance, found here.
The ICO advises that changing the terms-of-use language for a web site from “opt out” to “opt in” for cookies is not good enough. It admits, however, that most browser settings are presently not sophisticated enough to provide for a multi-tiered permission tickbox upon visiting a site.
What it Means
What You Should Do
If you have any questions or concerns regarding the new EU cookie directive, or other privacy risks, compliance, or litigation, please contact your Lathrop Gage attorney or the attorney listed above.