Experian Panorama

In-depth articles, interviews and debates covering local and global topics related to the Experian business expertise.

Businesses across the EU should start preparing to implement the “Cookie Law”

The “Cookie law”, as it is commonly known, was introduced as a result of increasing concerns over the use of cookies for behavioural marketing.  An example of this is where a record of an individual’s online activity is tracked and recorded to enable advertisers to deliver messages that are more appropriate to the individual in question.  Whilst in most cases cookies do not contain personally identifiable data and relate to a PC rather than an individual, there was sufficient concern about the possible impact on an individual’s privacy to identify ways of providing greater protection by enhancing existing legislation.

The result is the change to the e-Privacy Directive, part of the Telecoms package of reforms implemented by the EU in May 2011, that states that individuals must be notified prior to a cookie being placed on their PC and must have given their consent to do so. The only exception to this rule is where the cookie is strictly necessary for the web site to function properly.  To date, the legislation has seemingly proved unpopular with EU member governments and up to November 2011 only seven out of the 27 member states have confirmed that it has been implemented into its own laws. 

One of the reasons for this lack of response may be down to the interpretation of the requirements.  Although the legislation is aimed at those cookies that are more intrusive in terms of the data they collect, the use of cookies is now so widespread that it potentially affects all sites that use cookies even for benign reasons such as retaining an individual’s preferences from one session to the next.  Even for those countries where the legislation has been introduced the exact details of how it will be applied have not yet been determined in many cases.

First necessary steps

Whilst each country is responsible for introducing this Directive into national law and therefore could implement it in different ways, there are some steps that all businesses operating web sites within the EU can take to prepare for this change in legislation.  First of all, it is important to understand what, if any, cookies are used by the site and what they are used for.  Those that are strictly necessary for a service to be provided to a user are exempt from the ruling, though the definition of “strictly necessary” is likely to be very narrow.  

For those cookies that do not fall into the strictly necessary category, businesses can then assess the level of intrusiveness of the remaining cookies in terms of the data that they contain and the way they are used.  Although the worst case scenario is that individual countries will implement the letter of the law and require that all cookies (other than those that are strictly necessary) will require some form of opt-in from the user of the site prior to being deployed, some may take a more pragmatic view and allow for a range of measures to be implemented depending on the nature of the cookie.  For example, for those that are used to perhaps record site preferences or collect site statistics, it may be sufficient to notify the user.

Either way, by understanding and analysing the way in which cookies are currently used as soon as possible, individual businesses will be in a position to make the necessary changes to their sites as soon as the directive is introduced and the requirements are clarified in each country.

In July 2011, the European Commission wrote to the remaining 20 countries that have not yet introduced the directive in the first stage of legal action towards enforcement.  This may lead to a flurry of activity from those countries that have not yet acted and the rapid introduction of new legislation.  With this in mind, businesses across the EU should start preparing now.

Contact Experian for more information

Please, fill in this form if you want to be contacted by an Experian representative in your area.

* = Mandatory fields

  • © Experian 2010. All rights reserved.