Cookies from Luxembourg

When you hear the word cookies and the first thing that comes to mind are sweet treats, you probably haven't given much consideration to these little trackers in our everyday digital world. And yet everyone is talking about them at the moment, because the European Court of Justice published a new directive on October 1st, 2019, which stipulates that setting cookies that are not absolutely necessary requires the active consent of the user.

What are cookies that are not absolutely necessary?

Cookies are text files that are stored in the browser as soon as you visit a website. When you surf this website again, the information is read, the visitor is identified, and the login data, the shopping cart at an online store or the language selection is stored. These are called technical cookies (session cookies), which are necessary and useful. In addition, there are however also those cookies that allow for the creation of profiles on the user's surfing behaviour. These are so-called tracking cookies or third-party cookies, which are not actually required. The user is tracked for the duration of their visit to the website. For this, special tracking services are needed. These are usually third-party companies that collect and evaluate data, and link this with the user's name. Scripts are integrated in websites (images, banners, pixels, text) and set the relevant cookies when you visit a website. For example, the operator of an online shop can send personalised advertising to the customer or modify his offer.

Up till now, a user could simply block undesired tracking cookies via the security settings in the browser (e.g. block all and accept selected cookies, or vice versa - accept all and blacklist undesired cookies). However, actively blocking cookies presupposes that a user understands what crumbs they are leaving behind for resourceful data refineries. The judgement of the European Court of Justice dated October 1st, 2019 is highly likely to be related to this, among other things. From now on, the user may no longer be left in the dark: Cookies may only be set with the active consent of the user.

Decision of the European Court of Justice

The basis for the new directive of the European Court of Justice was a Planet49 competition that was hosted purely for advertising purposes. The entry form contained checkboxes with default tick marks. Participants agreed (not actively and not on a voluntary basis) to the use of a web analysis service. This means cookies are set, the result of which is the evaluation of surfing and usage behaviour. The European Court of Justice considers this to be a breach of privacy. The court rejected the counterargument that cookies only contain pseudonymised and not personal data, since this is information that makes it possible to identify a user (e.g. by assignment to an identifier such as a name, to an identification number, to location data or online identification).

The user's privacy must be protected in any event, even if this does not always explicitly involve collection of personal data. Devices and the information stored on these devices are part of the private sphere of users. Where spyware, web bugs, hidden identifiers or similar means are used to access users' devices without their knowledge, this is deemed to be an infringement of privacy.

As a result, cookies or tracking services may now only be stored if the user has actively agreed to this. In addition, notification must in future be provided if cookie data is forwarded to third parties. Silence, pre-selected checkboxes or inaction do not constitute consent in this regard.

This directive appears to be a logical step for protecting users, and also shows the way that ePrivacy regulations will go. Notwithstanding this, one can criticise the fact that there is no binding catalogue of allowed and prohibited cookies. There is also no mention of penalties in the case of non-adherence. It therefore remains to be seen as to how many website operators will implement the stipulations and what alternative tracking methods will develop. There are certainly still interesting times ahead!

Are you interested in wireless Internet access for guests, staff or things for your enterprise, or do you provide network solutions for clients? Drop a few lines to share your opinion with us:

At Asteas, we see it as our task to shape wireless Internet access in networks efficient and legally conformant for the supplier, efficient and comfortable for the user and secure for both.

For more information, visit our website or contact us here.

More information
This website uses cookies to improve its usability.