EU data watchdogs say 'prior' consent needed for cookies
BELGIUM— European data protection watchdogs have said “prior” consent must be given for the use of website cookies, according to a new guidance document.
Advice from the Article 29 Working Party builds on what was contained in Article 5(3) of the EU’s e-Privacy Directive, which is currently being transposed into national laws.
The article states that “the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent”.
The Working Party writes: “While Article 5(3) does not use the word prior, this is a clear and obvious conclusion from the wording of the provision. It makes good sense for consent to be obtained prior to the starting of the data processing. Otherwise, the processing carried out during the period of time from the moment the processing had started until the moment that consent had been obtained would be unlawful because of lack of legal ground.”
This is likely to cause consternation among businesses looking to adapt to the new rules which were adopted in May, but – in the UK at least – will not be enforced until next year.
The only exemption from the cookie consent rules is where cookies are “strictly necessary” for the provision of a service “explicitly requested” by the user. This exemption does not cover web analytics and the collection of statistical information about the use of a website, according to guidance previously issued by the ICO.