![]() Unlike the EU which has specific laws governing the use of cookies, in the United States, there are various state and federal laws that include cookies as regulated personal information. This highlights that Planet49 resolved one critical, but narrow, issue under these laws, but uncertainty regarding cookie disclosures and the parameters of “consent” awaits companies that target EU consumers. However, the Planet49 court explicitly did not address whether consent was “freely given” if the website barred access to users who did not accept cookies. In evaluating this policy under both the ePrivacy Directive and GDPR, the court held that pre-checked cookie consent forms violated both EU laws-a conclusion that seemed likely under GDPR but far from clear under the ePrivacy Directive-and further held that “informed” consent requires the website to disclose how long cookies remain on a device and whether third parties can access these cookies.Īs a key post-GDPR ruling, Planet49 suggests that EU courts will read the ePrivacy Directive and GDPR consistently whenever possible. Because cookies uniquely identify a user, they are “personal data” under GDPR, requiring disclosure and “specific, informed, and unambiguous” user consent.īoth pre- and post-GDPR, Planet49’s consent policy used a default pre-checked box to obtain user consent to receive cookies, and a user had to manually uncheck the box to avoid installing cookies on a device. companies) that markets to EU consumers and processes personal data of EU individuals. With the 2018 implementation of GDPR, EU regulators have closely followed the mandate that user consent be “specific, informed, and unambiguous.” Unlike the ePrivacy Directive, GDPR applies to any entity (including U.S. Under the pre-GDPR ePrivacy Directive, companies generally relied upon implied consent from a user’s ongoing use of the website. The EU’s 2002 ePrivacy Directive-colloquially known as the “Cookie Law”-requires that websites ask users to accept cookies, web beacons, and other tracking files before installing them on the user’s device. In a case involving Planet49, an online lottery operator, the Court of Justice for the European Union offered some of the first court guidance regarding cookies under both the ePrivacy Directive and GDPR. But a recent court decision in Europe provides some guidance on what constitutes visitor consent. With requirements varying by jurisdiction and geographic reach, companies and industries now find themselves in the position of finding ways to satisfy standards established by the EU’s General Data Protection Regulation, the EU’s ePrivacy Directive, and most recently, the California Consumer Privacy Act. Virtually all companies with high-traffic websites use cookies to track visitors’ online experience, but global best practices in disclosing the use of cookies-and obtaining visitors’ consent to their use-have proven elusive despite intense scrutiny from privacy advocates.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |