The EU cookie law

HAWK · 2015-04-07 03:09:56 UTC

If you've never run a site out of the EU, you probably don't know about their cookie law (which means you may be breaching it).

Here is all the information that you'll ever need. If you clicked that link, you will have seen a cookie control pop-up in action. There are many different variations of this, but that one is a pretty good one, and is the one that we are going to be using on our new site when we launch.

You can find out more information about that pop-up, or buy it, here. (We are in no way affiliated with it.)

richard_millington · 2015-04-07 04:51:39 UTC

Just to clarify my understanding of this, and I could be wrong here.

The law is applicable to pretty much everyone regardless of whether the site is based in the EU or not. It's not where the site is based that matters, it's whether it's available to people in Europe. However, I can't imagined it will be enforced for organisations outside of the EU - if you have an EU-based office though, it matters.

Darren_Gough · 2015-04-07 08:25:20 UTC

I'm not convinced it's ever really enforced at all. Implied consent is much better than what they started with, but without cookies the internet tends not to work.

Has there ever been any case law where someone hasn't done it and it's become an issue? I don't know the answer to that - just curious.

HAWK · 2015-04-07 08:26:00 UTC

Correct, Rich.

More info on who has to comply here.

AFAIK not many people outside of the EU currently do this – certainly no one that I work for does, but that may change so it would make sense to ensure that you're compliant.

Darren_Gough · 2015-04-07 08:33:42 UTC

Agree- definitely worth doing it, and doing it nicely to be sure.

Just recall at the time in the UK it was a BIG thing and everyone slightly freaked out about it. We had an entire legal team at MSE look at it over a period of weeks to ensure we got it right.

Then they launched it, it was clear it needed to go to implied consent but you hardly hear anything about it since. Seemed a bit of a storm in a teacup.

HAWK · 2015-04-07 08:37:25 UTC

I tend to agree with you Darren. I doubt it would be enforced, but I don't want to set the precedent if it ever is!

Darren_Gough · 2015-04-07 08:44:30 UTC

Haha yes!

We certainly don't want to be remembered for the case of FeverBee vs. The Internet, 2015 :)

Bas_van_Leeuwen · 2015-04-07 09:13:00 UTC

In the Netherlands, the Authorities™ have recently (as in, last week) begun actively investigating (i.e. they are sending out surveys asking website owners to inventorize and classify the cookies they use). A prominent weblog just received a threat of a fine of €450.000 if they don't comply.

http://www.telecompaper.com/news/acm-enforces-new-cookie-rules--1075111

Darren_Gough · 2015-04-07 09:18:00 UTC

Interesting, thanks Bas

"The ACM noted that it is actively enforcing the new rules since they took effect 11 March."

So this has been law in the UK since May 2011 with very little coverage of this sort of thing. What law changed happened in the Netherlands since?

The ACM sound a bit like the ASA in the UK who are, sadly, a bit toothless when it comes to taking things from threats to enforcement. Are they a bit more robust?

Bas_van_Leeuwen · 2015-04-07 13:13:20 UTC

Ironically, the rules were changed on March 11 to be more relaxed: you no longer need permission for analytical cookies. That basically meant that the law (aimed at tracking cookies) now became enforceable since it's no longer true that basically everyone is in violation.

ACM does have teeth, or at least its predecessors did (Opta and NMa). They have sent out multi-million fines (limited to 10% of yearly revenue) for kartels and such.

Darren_Gough · 2015-04-08 08:50:20 UTC

Really interesting stuff Bas, thanks for the reply.