The Europe wide changes to the rules governing cookies pose a challenge for website operators. However, the rules may not be as onerous as issometimes claimed and compliance may be possible with a few simple amendments to the design of most sites.
Due to their foundational role, it is no surprise that the recent changes to the rules governing cookies have engendered considerable debate and some concern. But what are these changes, and how do they affect most websites?
The basic rules governing cookies are set out in the E-Privacy Directive, which became part of Irish law through the E-Privacy Regulations. A new Amending Directive, which was supposed to come into force across Europe on 25 May 2011, amends these existing rules. The Irish measures adopting these new rules have not yet been enacted. However, the Department of Communications has issued draft regulations as part of a public consultation process.
The new regime moves from this “opt-out” system to one based on user consent. In effect, a user must consent to the placing of the cookie on their computer. Unfortunately, there is some uncertainty as to what is required to get a valid user consent to the use of the cookie. This uncertainty lies at the heart of the controversy around this issue.
We must await the new Irish E-Privacy Regulations before we will precisely know how the new cookie regime will apply to Irish based websites. However, at this early stage, we can tentatively suggest that while increased disclosure will prove necessary, website operators should, in most cases, be able to avoid drastic redesigns of their service.