Wednesday 27 June 2012

Cookies - what the EU actually did

In an earlier posting I managed to work out what had changes in the relevant UK law to implement the changes to how we all use cookies that we all know and love. At the time I didn't know how to track down the changes to the relevant EU directives that precipitated all this.

Well, now I think I do - thanks mainly to the references at the beginning of a recent Article 29  Data Protection Working Party Opinion on Cookie Consent Exemption which itself is well worth a read (here's Andrew Cormack's summary). For your delight and delectation, here's what I think the changes are - all in Article 5.3 of  Directive 2002/58/EC as amended by Directive 2009/136/EC:

3. Member States shall ensure that the use of electronic communications networks to store information or to gain access to information storedstoring of information, or the gaining of access to information already stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is providedhas given his or her consent, having been provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and isoffered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to providefor the provider of an information society service explicitly requested by the subscriber or user to provide the service.
So there you have it.