New EU Cookie Guidance: Crumbs of comfort or confusion?
This patchwork approach across Europe has caused serious headaches for those conducting e-business in multiple EU countries., A compliance mechanism could be acceptable for one country, only to be slapped down (or worse, risk a fine) in another.
In an attempt to clear up some of the confusing and often contradictory views, the Article 29 Working Party, a body made up of the EU's data protection regulators, released a new guidance note on 14th October 2013.
It recommends that all of the following elements should be included:
- Specific information should be provided in any cookie notice;
- Prior consent should be obtained before cookies are set;
- There should be an indication of wishes expressed by active behavior; and
- There should be an ability to choose freely.
Those using cookies should, therefore: (1) not assume compliance because your site mirrors what other sites are doing (they may well be non-compliant) (2) note the compliance goalposts are shifting again and (3) urgently review their opt-in mechanisms and wording.