Effective December 1, EU’s ePrivacy Directive (2002/58/EC) has been amended to require that Internet service providers and telecommunications companies obtain consent from consumers before cookies are downloaded onto their computers. In addition, these same entities must provide notice to consumers if there is a breach of the consumers’ information. Directives are not directly applicable to companies; instead, member states must pass national laws to implement the directives’ requirements on companies in their countries. There is thus some time before companies will need to start following these requirements. Namely, the amendment provides that national laws must be in place by June 2011.
TIP: Even though these requirements will not go into effect until 2011, companies that operate in the online space in Europe should begin thinking now about how they will obtain consent for cookie usage. Those that operate in the U.S. are no doubt already familiar with the process for notifying consumers in the event of a breach.