Steven B. Roosa is a Partner in our New York office and Derrick Hibbard is an Associate in our West Palm Beach office.
As part of the continued effort to protect online privacy, European Union Data Protection Authorities have swept websites and mobile apps to ensure compliance with Directive 2009/136/EC, otherwise known as the EU Cookie Directive. The initiative was conducted during the week of September 15-19. The initiative is significant because it signals regulator's continued focus on online privacy, as well as concrete steps they will take to ensure compliance and enforce standards.
Starting in October 2014, France's privacy regulator, the Commission Nationale de l'Informatique et des Libertés, will also be conducting onsite and remote inspections to verify compliance with its guidelines on cookies.
The EU Cookie Directive amended the EU's Privacy and Electronic Communications Directive, 2002/58/EC, and requires websites to obtain consent from visitors for the placement of cookies1 to store, or retrieve information on a computer or other web connected device. In other words, for websites subject to the Directive, a cookie should only be stored on a user's computer or accessed from the user's computer if the user has given his or her consent, and only after having been provided with clear and comprehensive information. However, there is an exception to the directive for cookies that are vital to the provision of a service requested by the end user, or if information is stored for the sole purpose of carrying out an online communication.
The best way for companies to manage risk and ensure compliance is to be aware of how cookies are used with their websites and mobile apps, and to obtain sufficient consent from users to use and store cookies.
Holland & Knight Data Privacy Testing Lab assists companies in identifying if and how cookies are used and provides recommendations on how to best obtain consent from users.
Footnote
1 A cookie is a piece of data sent from a website while a user is browsing that website. The data is then stored in a user's web browser or on the user's web connected device, and each time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
