If your website serves European citizens, it falls under the current European/national privacy directives, as well as the upcoming regulations. Learn about what your company and chief compliance officer should do to avoid potential fines and penalties.
Why Companies Use Website Cookies
When you visit a website, the site creates small text files that are stored on your computer or mobile device. These may be stored temporarily (for one browsing session only) or permanently on the hard disk (until you delete them).
Understanding European ePrivacy Standards
The concept of “obtaining consent” is unclear, however. Member states implemented the directive in their own national laws, with variations in interpretation. For instance, it is unclear whether the user has to give explicit consent to be tracked with cookies, or whether implied consent is sufficient.
Now, an upcoming regulation for ePrivacy is set to replace the ePrivacy directive, and it’s likely to raise the stakes for compliance. The first draft of the new ePrivacy regulation was published by the European Commission in January 2017, and it introduces three potential changes:
- Only a “clear affirmative act” is considered consent. Implied consent is no longer sufficient in any member state, as stipulated by the current draft.
- Violations carry higher fines and sanctions. Non-compliant website operators face fines of up to €2 million.
The draft is currently being examined by the European Parliament and the Council and is still subject to change. These institutions, however, are very likely to support the requirement for explicit consent.
What This Means For Your Company’s Website
To make your website compliant with the upcoming EU regulations, your site needs to use a cookie banner on the main landing page, and on other subpages that users could be directed to by search engines. These banners should ask users to opt in to cookies in a “clear affirmative act” as outlined in the current draft.
Here are three tips for an effective cookie banner:
- Don’t use phrases like “You agree to the usage of cookies when you continue using this site.” Such phrases are merely obtaining implied consent.
- Don’t use pre-ticked checkmarks, as these also only imply consent. Instead, let the user actively tick the checkmark before continuing to browse the website.
- Include short information about the purpose and use of the cookies, as well as the option to withdraw. This text should be in easily understood, user-friendly language.
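The banner behaviour described in the tips above can be enforced in code rather than left to the banner text. The following is an added example, not code from the original article: the names `evaluateConsent` and `ConsentGate`, the shape of the banner event, and the in-memory `Map` standing in for the browser cookie store are all assumptions made for illustration.

```javascript
// Added example (hypothetical names): cookies are written only after explicit opt-in.

// Turn a banner event into the list of purposes the user actually agreed to.
// Assumed event shape: { action, purposes: {name: checked}, userToggled: [names] }
function evaluateConsent(event) {
  // Scrolling, navigating or dismissing the banner is implied consent only.
  if (event.action !== "submit") return [];
  const granted = [];
  for (const [purpose, checked] of Object.entries(event.purposes)) {
    // A ticked box counts only if the user ticked it; pre-ticked defaults are ignored.
    if (checked && event.userToggled.includes(purpose)) granted.push(purpose);
  }
  return granted;
}

class ConsentGate {
  constructor(jar) {
    this.jar = jar;            // Map standing in for the browser cookie store
    this.granted = new Set();  // nothing is granted until the user opts in
  }
  record(event) {
    this.granted = new Set(evaluateConsent(event));
    return [...this.granted];
  }
  // Every cookie is tagged with a purpose; the write is refused without consent.
  setCookie(name, value, purpose) {
    if (!this.granted.has(purpose)) return false;
    this.jar.set(name, { value, purpose });
    return true;
  }
  // Withdrawal revokes the purpose and deletes cookies already set for it.
  withdraw(purpose) {
    this.granted.delete(purpose);
    for (const [name, c] of this.jar) if (c.purpose === purpose) this.jar.delete(name);
  }
}

// Constructed sample: "analytics" arrives pre-ticked, "marketing" is ticked by the user.
function demo() {
  const gate = new ConsentGate(new Map());
  const before = gate.setCookie("_stats", "1", "analytics");
  gate.record({ action: "submit", purposes: { analytics: true, marketing: true },
                userToggled: ["marketing"] });
  const preTicked = gate.setCookie("_stats", "1", "analytics");
  const optedIn = gate.setCookie("_ads", "1", "marketing");
  gate.withdraw("marketing");
  return { before, preTicked, optedIn, leftAfterWithdraw: gate.jar.size };
}
console.log(demo());
```

In a real page the `Map` would be replaced by writes to `document.cookie`, and third-party scripts that set their own cookies would need to be loaded only after the matching purpose is granted.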
While the EU’s new ePrivacy regulations have not yet been enacted, many large companies are already using these cookie banners. In addition to maintaining compliance, these banners promote a positive corporate image: They demonstrate transparency and care in handling customer data.