Cookie Consent Exemption: Article 29 WP Opinion

Cookie Consent Exemption: Article 29 WP Opinion

The European Union’s Article 29 Data Protection Working Party (WP 29) released its Opinion 04/2012 on Cookie Consent Exemption today. The opinion is released amidst the implementation of Directive 2009/136/EC (“Cookie Directive”) in most member states and aims to clarify the circumstances in which cookies are exempted from the informed consent requirement.

In its opinion, WP 29 focuses on the two “exemption criteria” established under article 5.3 of the Cookie Directive: if the cookie is, (a) used “for the sole purpose of carrying out the transmission of a communication over an electronic communications network” or (b) “strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service”. The opinion describes a variety of circumstances in which these exemption criteria do not apply; forcing controllers, processors, and third party actors to obtain informed consent before using a cookie.

Three general guidelines are drawn from the WP 29 analysis: (1) exemption under Criterion B must be evaluated “form the point of view of the user, not the service provider”, (2) “if a cookie is used for several purposes, it can only benefit from the exemption to informed consent if each distinct purpose individually benefits from such an exemption”; and (3) “The purpose of the cookie should always be the basis for evaluating if the exemption can be successfully applied rather than a technical feature of the cookie.”

Interestingly, social plug-in content sharing cookies can be considered exempt from the informed consent requirement in limited circumstances. On the other hand, third party advertising cookies, including cookies used for  fraud detection purposes, are not considered to be exempt from consent requirements because “neither of these purposes can be considered to be related to a service or functionality of an information society service explicitly requested by the user.”


-Julian Flamant

Leave a Reply

Privacy Calendar

8:30 am Privacy as a Profit Center: Leve... @ Old Slip by Convene
Privacy as a Profit Center: Leve... @ Old Slip by Convene
Jan 26 @ 8:30 am – Jan 27 @ 4:15 pm
Learn how those on the leading edge of privacy governance and digital innovation from companies including Cigna, Cisco Systems, eBay Inc. Public Policy Lab, FocusMotion,Ghostery, Goodyear Tire & Rubber Company, Google, HP Enterprise Security Products, JPMorgan[...]
all-day Data Privacy Day
Data Privacy Day
Jan 28 – Jan 29 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The Day commemorates the 1981 signing of Convention 108, the first[...]
all-day Global Privacy Summit 2015
Global Privacy Summit 2015
Mar 4 – Mar 6 all-day
For more information, click here.
6:00 pm CDT Annual Dinner “TechProm” 2015
CDT Annual Dinner “TechProm” 2015
Mar 10 @ 6:00 pm – 9:00 pm
Featuring the most influential minds of the tech policy world, CDT’s annual dinner, TechProm, highlights the issues your organization will be facing in the future and provides the networking opportunities that can help you tackle[...]
all-day BCLT Privacy Law Forum
BCLT Privacy Law Forum
Mar 13 all-day
This program will feature leading academics and practitioners discussing the latest developments in privacy law. UC Berkeley Law faculty and conference panelists will discuss cutting-edge scholarship and explore ‘real world’ privacy law problems. Click here[...]
all-day PL&B’s Asia-Pacific Roundtable (...
PL&B’s Asia-Pacific Roundtable (...
May 27 all-day
PROFESSOR GRAHAM GREENLEAF, Asia-Pacific Editor, Privacy Laws & Business International Report, will lead a roundtable on the countries of most interest to business in the Asia-Pacific region. Click here for more information.
all-day PL&B’s 28th Annual International...
PL&B’s 28th Annual International...
Jul 6 – Jul 8 all-day
The Privacy Laws & Business 27th Annual International Conference featured more than 40 speakers and chairs from many countries over 3 intensive days. At the world’s longest running independent international privacy event participants gained professionally by[...]

View Calendar