ePrivacy Directive ("EU cookie law”)

The proliferation of cookie consent pop-ups after it was passed.

Major provisions:

If your website has visitors from inside the EU, the ePrivacy Directive requires you to :

• Withhold all cookies and trackers until users have given explicit consent to their activation,
• Give end-users clear and comprehensive information about all cookies and trackers embedded on your domain in plain and easy-to-understand language,
• Ask end-users for consent to all cookies and trackers in use on your domain in as user-friendly a way as possible,
• Enable end-users to refuse or withdraw consent as easily as they can give it.

The European cookie law (ePrivacy Directive), with its requirements for obtaining end-user consent, is the reason why you’re required to feature a consent banner on your website that EU visitors can use to either give or refuse consent to the non-necessary cookies that process personal data on your domain (such as search and browser history, IP addresses, etc.).

A GDPR/EU cookie law compliant consent banner from Cookiebot CMP.

Notable significance: 

• Along with the General Data Protection Regulation (GDPR), the EU cookie law makes up the world’s strictest data privacy regime, which requires you to obtain the explicit consent from end-users before cookies are allowed to be activated on your website.
• EPD has extraterritorial scope, meaning that any website, regardless of where in the world it is located, must comply if it has visitors from within the EU.
• Many newer data privacy laws, like Brazil’s LGPD and South Africa’s POPIA, are heavily inspired by the EU’s data privacy regime, particularly the ePrivacy Directive’s cookie requirements.