The ePrivacy Directive (also known as the EU cookie law) is an EU regulation that controls how your website can process personal data and utilize it for European Union visitors.
In this article, we’ll dive a bit deeper into the EU cookie law and how the Adzapier consent management platform (CMP) can make your website compliant with the new regulations.
Cookies and the EU Cookie Law
According to the EU Cookie Law, if your website has visitors from within the EU, you must –
- Withhold all cookies and trackers until users provide consent
- Give end-users easy-to-understand information about all cookies and trackers on your domain
- Gain end-user consent to all cookies and trackers in use in a friendly manner
- Enable end-users to refuse or withdraw consent in a quick and easy manner
Combined with the EU’s GDPR, the EU cookie law forms an overarching data privacy umbrella in Europe. This includes any website that has visitors from within the EU, regardless of where the business is located in the world.
Like Brazil’s LGPD and South Africa’s POPIA, many newer data privacy laws draw inspiration from the EU’s data privacy regime, including the ePrivacy Directive’s requirements for cookies.
An In-Depth Look At The EU Cookie Law
The EU cookie law (ePrivacy Directive) is actually a directive, rather than a law. A directive that each EU member has enforced through national laws. This is a stark difference from GDPR, a uniform regulation enforced across the entire European Union.
How does it work? How do you obtain explicit user consent on your website, and what qualifies as valid, “explicit” user consent?
Each member state’s data protection authority oversees the enforcement of the EU cookie law at a national level. Still, it does so based on the broader guidelines issued by the European Data Protection Board (EDPB), consisting of representatives from each country.
Under the EDPB, “valid” is defined to be:
- Freely given
Cookies are mentioned only once in the EU cookie law, but the rules started are crystal clear.
What About Cookies?
“Third parties may wish to store information on the equipment of a user or gain access to information already stored for several purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses).
Therefore, it is paramount that users be provided with clear and comprehensive information when engaging in any activity that could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible.”
Cookies can come in multiple forms. Whether it’s first-party cookies required for the essential function of your site or third-party marketing cookies from ad services or social media integrations, cookies can be categorized in four ways:
- Necessary cookies
- Preference cookies
- Statistics cookies
- Marketing cookies
The ePrivacy Directive’s cookie consent requirements are clear. Any non-first-party cookies must be withheld until the end-user consents.
When will the ePrivacy Directive be replaced?
The ePrivacy Directive, with directives as far back as 2009, continues to lose its relevance. New tracking technology emerges, and online behavior changes with it. The switch from the ePrivacy Directive to the stronger ePrivacy Regulation is coming shortly.
EU Commission legislative talks to replace the ePrivacy Directive with an updated and stronger ePrivacy Regulation have been an ongoing battle for years without a clear solution in sight yet.
However, in February 2021, the EU Council published a new draft for the ePrivacy Regulation. It moved the process into a negotiation stage between the EU Parliament, Commission, and Council.
Consent is still an essential part of the new ePrivacy Regulation 2021 draft. Cookies and tracking technologies are part of the scope. The need for end-user consent first won’t be going anywhere.
Until the new ePrivacy Regulation is live, the ePrivacy Directive and the GDPR still govern data privacy in the EU.
Within those, you’re required to obtain explicit consent from end-users before cookies are allowed to be activated on your website. That requires you to:
- Provide users with comprehensive, easy-to-understand information about all cookies in use
- Give users the option to refuse or withdraw consent easily
With Adzapier’s Consent Management Platform (CMP), you can automatically gain consent. Our top goal is to maintain confidence and full transparency in privacy and compliance with our publisher partners and their advertisers.