It is well known the fact that the important browsers allow the users to block or delete the cookies from their devices. Therefore, among the terms and conditions of the online privacy policies, there shall appear the note of the browser operator regarding the possibility of the user to manage the cookies by performing certain browser settings. However, by deactivating the cookies, it is possible that the user shall no longer be capable to access some characteristics of the internet page and as such, in fact, the users don’t have real control over the cookies!
By Directive 2002/58/EC regarding the personal data processing as amended in 2009 y the European Parliament, the reference EU legislation in the field imposes the necessity of such control. The most important amendment regarding the cookies was introduced by art. 5 (3), which provided that storing information by cookies may be performed only after the user gave its’ approval in this respect:
The member state ensures that the use of electronic communications networks to store or access information in the terminal equipment of a subscriber or user is allowed only provided that the respective subscriber or user received clear and complete information according to the Directive 95/46/EC, inter alia, regarding the scope of processing by the data controllers.
Therefore, by these amendments a controversial issue at the legislative level was decided, respectively, which is the applicable legislation to a website operator, USA or other non-EU entity whose users are from the EU?
If the site users are from the EU, it is applicable in this field the reference legislation, respectively the Directive 2002/58/EC- regarding data protection. Art. 29 of the working group (WP) expressly mentions the fact that the directive regarding data protection shall apply to the non-EU operators of a website, including the ones in the United States of America, due to the fact that introducing and using the cookies is made on equipments located in EU.
Should sending a text file installed on a hard-disk from a computer located in an EU state cause the receipt and sent back of information to a server located in another country, art. 29 of the working group provide that the national legislation of the user of the computer is applicable, in this case the EU legislation.