Cookie Consent Exemption: Article 29 WP Opinion

Cookie Consent Exemption: Article 29 WP Opinion

The European Union’s Article 29 Data Protection Working Party (WP 29) released its Opinion 04/2012 on Cookie Consent Exemption today. The opinion is released amidst the implementation of Directive 2009/136/EC (“Cookie Directive”) in most member states and aims to clarify the circumstances in which cookies are exempted from the informed consent requirement.

In its opinion, WP 29 focuses on the two “exemption criteria” established under article 5.3 of the Cookie Directive: if the cookie is, (a) used “for the sole purpose of carrying out the transmission of a communication over an electronic communications network” or (b) “strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service”. The opinion describes a variety of circumstances in which these exemption criteria do not apply; forcing controllers, processors, and third party actors to obtain informed consent before using a cookie.

Three general guidelines are drawn from the WP 29 analysis: (1) exemption under Criterion B must be evaluated “form the point of view of the user, not the service provider”, (2) “if a cookie is used for several purposes, it can only benefit from the exemption to informed consent if each distinct purpose individually benefits from such an exemption”; and (3) “The purpose of the cookie should always be the basis for evaluating if the exemption can be successfully applied rather than a technical feature of the cookie.”

Interestingly, social plug-in content sharing cookies can be considered exempt from the informed consent requirement in limited circumstances. On the other hand, third party advertising cookies, including cookies used for  fraud detection purposes, are not considered to be exempt from consent requirements because “neither of these purposes can be considered to be related to a service or functionality of an information society service explicitly requested by the user.”

 

-Julian Flamant

Leave a Reply


Privacy Calendar

Sep
15
Mon
all-day Big Data: A Tool for Inclusion or Exclusion? @ Constitution Center
Big Data: A Tool for Inclusion o… @ Constitution Center
Sep 15 all-day
The Federal Trade Commission will host a public workshop entitled “Big Data: A Tool for Inclusion or Exclusion?” in Washington on September 15, 2014, to [...]
Sep
17
Wed
all-day IAPP Privacy Academy and CSA Congress 2014 @ San Jose Convention Center
IAPP Privacy Academy and CSA Con… @ San Jose Convention Center
Sep 17 – Sep 19 all-day
This fall, the International Association of Privacy Professionals (IAPP) and Cloud Security Alliance (CSA) are bringing together the IAPP Privacy Academy and the CSA Congress [...]
Oct
21
Tue
6:00 pm Consumer Action’s 43rd Annual Awards Reception @ Google
Consumer Action’s 43rd Annual Aw… @ Google
Oct 21 @ 6:00 pm – 8:00 pm
To mark its 43rd anniversary, Consumer Action’s Annual Awards Reception on October 21, 2014, will celebrate the theme of “Train the Trainer.” Through the power of [...]
Jan
28
Wed
all-day Data Privacy Day
Data Privacy Day
Jan 28 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The [...]
Jan
28
Thu
all-day Data Privacy Day
Data Privacy Day
Jan 28 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The [...]

View Calendar