Six Tips for Compliance with Europe’s New Cookie Rules


While the European Union’s deadline for implementing new cookie rules has passed, substantial uncertainty remains about what organizations should do to make their online activities compliant. In this advisory we offer six practical tips for dealing with the uncertainty.


The EU adopted the Citizens’ Rights Directive (“Directive”) in 2009 as part of a package of changes to update communications regulation. The Directive imposes new consent requirements on websites that use cookies, including potential limits on the use of online tracking for behavioral advertising. While the Directive’s implementation deadline was May 25, 2011, only a handful of European countries have completed their transposition of the new rules into national law.

EU member states have significant discretion to determine how they will implement the new rules, and many governments have delegated the interpretation and application of these rules to their national or regional data protection authorities. Consequently, even where legislation has been adopted, detailed implementation guidance will be needed. Given the broad scope of possible obligations under the Directive and the potential for a variety of interpretations of its rules, organizations operating websites or providing services over the Internet will need to assess their potential compliance obligations and monitor how key jurisdictions are interpreting the requirements.

The Directive amends the EU’s earlier e-Privacy Directive, which was adopted in 2002. One of the significant implications of the new rules is the requirement that a website user give consent to the use of cookies after having been provided information about cookie use. Under the old rules, providing the ability to opt out of cookies was sufficient, and notification of such a policy could be incorporated into a website’s main privacy statement. If opt-out is no longer allowed, what form of an “opt-in” consent is required? Can Web browser settings satisfy the requirement for consent?

A single interpretation of the new cookie consent requirement has not emerged. The coordinating group for European data protection regulators, the Article 29 Working Party, issued an opinion in June 2010 that advocates a strict interpretation of an opt-in requirement. Under the most rigorous application of an opt-in cookie system, a website visitor would be required to affirmatively accept the cookie through a pop-up screen or similar splash page before entering a website. This type of application would have significant implications for European website operators.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Written by:


Davis Wright Tremaine LLP on:

JD Supra Readers' Choice 2016 Awards
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.