Between September 15 and September 19, the Article 29 Working Party (“WP29”) conducted an audit of major European websites to verify their compliance with Directive 2002/58/EC (“Directive”). The Directive requires that website operators obtain prior informed consent from individuals before placing a cookie on the individual’s web browser or accessing information stored on a cookie. The Directive exempts some types of cookies such as userinput cookies, authentication cookies, user-centric security cookies, and others.

Any European Data Protection Authority (“DPA”) could participate in the audit, which only targeted websites that are directed at European consumers. The WP29 has not identified the number of websites that were audited; however, on September 22, 2014, the French DPA announced that it audited 100 websites. The French DPA has further announced that it reviewed websites’ practice pertaining to:

  • the number and type of cookies stored on a user’s computer;
  • the way the information on a website’s practices with respect to cookies is conveyed to users;
  • the visibility and quality of the information provided to users;
  • the process of obtaining a user’s consent; and
  • the consequences for a user who refuses cookies.

The DPAs will share the results of their audits with the WP29, which will likely release a public statement about the results of the cookie sweep day in the future.