Although the world did not come to the end on Saturday, as one millennial group had predicted, some in Europe worry that the end is near for European Internet start-ups when the new EU cookie directive goes into effect today (May 25, 2011). The concern is that European-based websites will become littered with pop-up windows seeking consent to the use of cookies, while sites in the U.S. will continue to benefit from cookies without having to get a user’s express consent for every cookie placed on a user’s computer.
And while European-based websites fear they will bear the brunt of enforcement, U.S.-based websites with users in Europe are potentially subject to these rules.
Wbsite operators regularly install cookies (small digital files) on user’s computers to store and retrieve information on a user’s activity on the site. Cookies are an important tool for measuring the appeal of content, improving user services and targeting advertising. Traditionally, website operators have disclosed their use of cookies on their website privacy policy. Users were deemed to consent to having cookies installed on their computer in accordance with this posted policy. As the UK Information Commissioners Office (“ICO”) has explained in recently issued Guidance, this passive consent is no longer generally permitted under the new EU rules. With certain limited exceptions, a user must affirmatively “opt in” to accepting cookies before a website can install cookies (or any similar file) on a user’s computer.
The potential fines for violation of the EU cookies rule are high—up to £500,000 in the UK—but it is unclear when EU authorities will commence enforcement of this new rule. The ICO has said it will delay enforcement to give website operators time to adjust their practices. The ICO has also held out the possibility that the ultimate solution will be more advanced web browser technology. The ICO advocates widespread adoption of web browsers that give users more control over the types of cookies they allow to be placed on their computer. But until this technological solution arrives, website operators with users in Europe must confront the question of how and how soon they will bring their sites into compliance with the EU directive.
If you have any questions about this directive or how it may impact your business, please contact any member of our Privacy and Information Security Team. We hope you find this information helpful. Stay current on important developments in data privacy law by following Baker Hostetler’s Data Privacy Monitor.
Authorship Credit: Gerald J. Ferguson
Subscribe to Baker Hostetler’s Privacy and Data Security News
Baker & Hostetler LLP publications are intended to inform our clients and other friends of the Firm about current legal developments of general interest. They should not be construed as legal advice, and readers should not act upon the information contained in these publications without professional counsel. The hiring of a lawyer is an important decision that should not be based solely upon advertisements. Before you decide, ask us to send you written information about our qualifications and experience. © 2011 Baker & Hostetler LLP