The 2011 changes to the EU E-Privacy Directive require website operators to obtain visitor consent via an opt in if the site uses cookies. As a reminder, on October 14th, EU’s data protection regulators released a new guidance note clarifying website operators should obtain consent by some affirmative action. Specifically, the regulators recommended that:

  1. Specific information should be provided in any cookie notice;
  2. Prior consent should be obtained before cookies are set;
  3. There should be an indication of wishes expressed by active behavior; and
  4. There should be an ability to choose freely.

If you operate a website that targets visitors living in an EU country, you should be aware of the EU E-Privacy Directive changes made in 2011. In short, website operators are now required to seek consent from website visitors in order to use cookies, via an opt in mechanism. However, each EU member state was allowed to implement this change on its own accord. This has resulted in a conflicting definitions of what precisely constitutes opt in consent.

The Article 29 Working Party, a body made up of the EU’s data protection regulators, released a new guidance note on 14th October 2013. This was done to clarify the 2011 changes made to the Directive.

The bottom line is that is that website operators targeting EU visitors must obtain consent to use cookies by some affirmative action. Mere notice of the use of cookies isn’t enough.