EPrivacy Directive (cookie law) - EPD

From Edgar BV Wiki
Jump to navigation Jump to search

https://gdpr.eu/cookies/

Types of Cookies

In general, there are three different ways to classify cookies: what purpose they serve, how long they endure, and their provenance.

Duration

  • Session cookies These cookies are temporary and expire once you close your browser (or once your session ends).
  • Persistent cookies This category encompasses all cookies that remain on your hard drive until you erase them or your browser does, depending on the cookie’s expiration date. All persistent cookies have an expiration date written into their code, but their duration can vary.

Provenance

  • First-party cookies As the name implies, first-party cookies are put on your device directly by the website you are visiting.
  • Third-party cookies — These are the cookies that are placed on your device, not by the website you are visiting, but by a third party like an advertiser or an analytic system.

Purpose

  • Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.
  • Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your user name and password are so you can automatically log in.
  • Statistics cookies — Also known as “performance cookies,” these cookies collect information about how you use a website, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions. This includes cookies from third-party analytics services as long as the cookies are for the exclusive use of the owner of the website visited.
  • Marketing cookies — These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and almost always of third-party provenance.These are the main ways of classifying cookies, although there are cookies that will not fit neatly into these categories or may qualify for multiple categories. When people complain about the privacy risks presented by cookies, they are generally speaking about third-party, persistent, marketing cookies. These cookies can contain significant amounts of information about your online activity, preferences, and location.

Cookie compliance

To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:

  • Receive users’ consent before you use any cookies except strictly necessary cookies.
  • Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
  • Document and store consent received from users.
  • Allow users to access your service even if they refuse to allow the use of certain cookies
  • Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.

ePrivacy Regulation

The EPD’s eventual replacement, the ePrivacy Regulation (EPR), will build upon the EPD and expand its definitions. (In the EU, a directive must be incorporated into national law by EU countries while a regulation becomes legally binding throughout the EU the date it comes into effect.) The EPR was supposed to be passed in 2018 at the same time as the GDPR came into force. The EU obviously missed that goal, but there are drafts of the document online, and it is scheduled to be finalized sometime this year even though there is no still date for when it will be implemented. The EPR promises to address browser fingerprinting in ways that are similar to cookies, create more robust protections for metadata, and take into account new methods of communication, like WhatsApp.

Retrieved from "http://wiki.edgarbv.com/index.php?title=EPrivacy_Directive_(cookie_law)_-_EPD&oldid=37805"