Internet users will soon see big changes to the way websites obtain consent to use cookies if Ireland complies with the provisions of a new EU Directive.
A cookie is information sent by a website to a user’s hard drive where it is stored. It enables the website to remember the user’s preferences and to customise the website accordingly.
Directive 2009/136/EC (the ‘Cookie Directive’) requires Ireland and the other EU Member States to implement national laws to adopt the Cookie Directive by 25 May 2011. The most significant amendments set out in the Cookie Directive relate to the issue of consent. The provisions further strengthen the requirements in relation to cookies and other devices already set out in Directive 2002/58/EC (the ‘E-Privacy Directive’).
Under the existing E-Privacy Directive, clear and comprehensive information needs to be provided to users to ensure they understand the concept of cookies. It also provides that users must be offered a right to refuse to allow cookies to be placed on their computers. The Cookie Directive goes even further, stating that “consent” must be given for cookies to be stored on users’ computers.
If the Cookie Directive is interpreted literally, internet users may be required to give consent (perhaps by clicking an “I accept” button) each time a cookie is placed on a user’s computer. From a practical standpoint this could lead to serious disruption and complexities for website developers, online traders and website users alike.
It will be interesting to see how Ireland and the other Member States interpret and implement the amendments to the E-Privacy Directive.