Friday, May 18, 2012

EU Internet Cookie Opt-In Law One-Year Grace Period Ends May 26, 2012 Confronting Websites and Blogs with Serious Compliance Problems

[Our own solution to this problem is found described in the previous posting at EU Pundit.]

On May 26, 2012,
one of the more prominent legal and Internet headaches
in European Union lawmaking will dawn,
namely the question of how to abide by
the "new" EU Internet Cookie Law,
formally the "EU Privacy and Communication Directive",
which already went into effect a year ago,
but for which an extra grace period of one year was granted
to permit a standardization of website compliance -- a necessary standardization which has not happened in the interim.

Worse, the implementation of the Directive by the various EU Member States is not uniform -- creating an unnecessarily complicated situation given the cross-border nature of the Internet.  See Paul McCormack at Tech Republic in Cookies and compliance: Has your website taken these six steps? where he refers to the DLA Piper report on How The EU Has Implemented The New Law on Cookies (updated December 5, 2011, showing various implementations).

Rory MccGwire, Chief Executive, BHP Information Solutions, writes as follows on May 10, 2012 at the Law Society Gazette in How the new EU cookie law affects law firms:
"It’s now 10 May, we've less than three weeks to go. I know of many websites that will switch over to a compliant version a week before 26 May. But has anyone seen examples of full compliance already being put into practice on a commercial website? I would be interested to know."
We focused on this problem last year at

Privacy Law and the EU Internet Cookie Law Opt-Out Option Deadline: European Union Companies Given One Year by EU Commission to Standardize Cookie Tracking Consent Mechanism

writing

"As we previously reported at LawPundit, the European Union "EU Internet Cookie Tracking Law" came into effect on May 26 of this year (2011) via the 2009 EU Directive, protecting user privacy rights by requiring that users be informed by companies of the extent of their cookie tracking and be given the option to "opt out" of such tracking."


92% of blogs and websites use cookies, so this law applies to nearly everyone with blogs or websites or businesses located in Europe.

Many websites and blogs use third-party services without themselves knowing exactly what cookies they place. 

Furthermore, many serious sites, such as online banking, social media, email programs, and yes, even search engine settings, rely on cookies for operation. How else could you post easily to Facebook or Twitter from a third-party page if there were no cookies?

Such "necessary" cookies are permitted by the EU directive as exceptions and no express opt-in is required for them since the "opt-in" is presumed from the use of the service.

The solution we adopted for our own blogs, which rely on Google Analytics, is Silktide, as described in the previous LawPundit posting.

Please be aware that we are not recommending the use or installation of this or any other solution and expressly disclaim any liability for any solution that any website, blog or other Internet presence takes regarding this EU law. When in doubt, consult your attorney.