According to the Directive 2009/136/EC according to article 5 (3):
“Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.”
According to the Field Fisher Waterhouse (2012) there’s a full list of EU countries in which the Article 5(3) has been implemented or not, what the implementation status is, strict “opt-in” consent required (or expected) and what the legal requirements are. The case in point, the country is stated and whether or not the Article 5(3) has been implemented:
YES: Austria, Bulgaria, Czech Republic, Denmark, Finland, France, Greece, Hungary, Ireland, Latvia, Lithuania, Luxembourg, Slovakia, Sweden, United Kingdom
NO: Belgium, Cyprus, Germany, Italy, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovenia, Spain
For more information about the countries who implemented it you can check the Full Table.
What is a Cookie?
A cookie is a text-based file located onto your computer containing information that can be accessed by the visited website. Generally, cookies help enhance the user’s experience whenever they visit a website. What define cookies are 3 basic characteristics:
1. Statistical reporting
Website owners can be helped by statistical reporting in order to enhance the features of their website for the user needs.
2. Behavioural Advertising
A user can conduct a search for a certain product for which he/she is interested in. The cookie can identify the product for which the user is interested in and consecutively -the cookie- will display advertisements which are relevant to the user queries.
3. Tracking conversions
Type of Cookies
The most common types of cookies which can be found on most websites are:
Completely anonymous and identifies the country that the user comes from.
Third party cookies
Social media sharing buttons (e.g. Tweet Share, Facebook, Google+ etc)
These cookies identify on which account the user is signed in with. Also it enables the use of other server-side technologies such as sessions.
These cookies are also anonymous and they store information about the content that the user is browsing. They are used by advertising networks to serve relevant ads to the users.
Google Analytics cookies
They are also completely anonymous as they do not recognise the true identity of the user. These cookies are solely used to collect information on how users use the website, which pages they use more often, from which country they come etc.
What the website owners should do?
The new law leaves Webmasters with 3 main options:
Taking into account the fact that each website is different the structure of each policy should be differentiated.
On your introduction, you can mention and explain the following matters:
How you handle user data?
How you protect that information?
Mention that you respect the sensitive data of your users and that you protect their privacy.
Describe what the national DPA (Data protection Authority) says, according to the EU Directive.
Provide the definition of the cookie and include all the uses of cookies on the website:
- Web Analytics cookies
- Geotargeting, Advertising cookies
- Are we using any other type of cookies besides Google Analytics?
- Registration Cookies
- Geotargeting cookies?
- Third party cookies such as Social Networks (Facebook, Twitter share etc)
How we use your information
As website owners (data controllers/data processors) you should explain clearly on how you use the information that you collect; for example, if you send newsletters you should specify it and assure the users (data subjects) that you are going to safeguard the mail contact from any unauthorized access/unlawful use.
Visitors to our website
As website owners you need to clarify explicitly that the information that you collect from the visitors of your website does not recognise their true identity and additionally the cookies are used in order to improve the user experience.
People who make a complaint to us
If users (data subjects) show concern on the amount of (personal) data that is being stored on the websites, then users could contact to the website owners
Access to personal information
In the event of keeping personally identifiable information (PII), users (as data subjects) could file a “subject access request”, requesting for any PII kept on file of the website owners.
Disclosure of personal information
Website owners who are within the EU, should ensure that they are not going to send any data outside the EEA (European Economic Area) which do not have an adequate level of data protection.
[Job applicants, former/current employees]
Website owners (data controllers/data processors) should clarify for how long they maintain on their file the details of job applicants (data subjects).
Changes to this privacy notice
How to contact us
Provide your contact details for any questions/concerns made by the data subjects.