For the past ten years, the federal government, through the Office of Management and Budget’s (“OMB”) June 22, 2000 Memorandum on Privacy Policies and Data Collection on Federal Web Sites, effectively prohibited federal government sites from using cookies to collect data from visitors.

That guidance provided that “the presumption should be that ‘cookies’ will not be used at Federal web sites.”1  

On June 25, 2010, the OMB retracted its prior position when it released a new Guidance for Online Use of Web Measurement and Customization Technologies.2 The new guidance provides that agencies may use cookies to improve federal services online. Federal agencies may not, however, use cookies:

  • to track individuals on the Internet outside the website or application from where the technology originates;  
  • to share data with outside agencies without a user’s explicit consent;  
  • to cross-reference any data collected against personally identifiable information (“PII”) without a user’s explicit consent in order to determine individual-level online activity;  
  • to collect PII without a user’s explicit consent; or  
  • for any similar usage determined by the OMB.  

The OMB’s guidance also imposes notice, choice, data safeguarding and privacy, data retention and access, enforcement, and verification obligations on federal agencies that use cookies. The Administration’s revised policy now permits the government to offer many personalized offerings to site visitors in a manner already underway in the private sector.