As part of the continued effort to protect online privacy, European Union Data Protection Authorities have swept websites and mobile apps to ensure compliance with Directive 2009/136/EC, otherwise known as the EU Cookie Directive. The initiative was conducted during the week of September 15-19. The initiative is significant because it signals regulator's continued focus on online privacy, as well as concrete steps they will take to ensure compliance and enforce standards.
Starting in October 2014, France's privacy regulator, the Commission Nationale de l'Informatique et des Libertés, will also be conducting onsite and remote inspections to verify compliance with its guidelines on cookies.
The EU Cookie Directive amended the EU's Privacy and Electronic Communications Directive, 2002/58/EC, and requires websites to obtain consent from visitors for the placement of cookies1 to store, or retrieve information on a computer or other web connected device. In other words, for websites subject to the Directive, a cookie should only be stored on a user's computer or accessed from the user's computer if the user has given his or her consent, and only after having been provided with clear and comprehensive information. However, there is an exception to the directive for cookies that are vital to the provision of a service requested by the end user, or if information is stored for the sole purpose of carrying out an online communication.
The best way for companies to manage risk and ensure compliance is to be aware of how cookies are used with their websites and mobile apps, and to obtain sufficient consent from users to use and store cookies.