McGregor & Partners announces the EU legislation applicable to Google regarding the use of cookies

In consideration of the numerous decisions against Google regarding the use of cookies in the European Union, the company aligns with the European legislation in this field. Thus, Google has sent a letter to inform regarding a new policy regarding obtaining the consent of the final users in EU. In this respect, it states that it is necessary to have the consent of final users in EU regarding storing and accessing the cookies and other information, as well as collecting data, change and use of Google products. And the term for observing this new policy is 30 September 2015.

It is well known the fact that the important browsers allow the users to block or delete the cookies from their devices. Therefore, among the terms and conditions of the online privacy policies, there shall appear the note of the browser operator regarding the possibility of the user to manage the cookies by performing certain browser settings. However, by deactivating the cookies, it is possible that the user shall no longer be capable to access some characteristics of the internet page and as such, in fact, the users don’t have real control over the cookies!

By Directive 2002/58/EC regarding the personal data processing as amended in 2009 y the European Parliament, the reference EU legislation in the field imposes the necessity of such control. The most important amendment regarding the cookies was introduced by art. 5 (3), which provided that storing information by cookies may be performed only after the user gave its’ approval in this respect:

The member state ensures that the use of electronic communications networks to store or access information in the terminal equipment of a subscriber or user is allowed only provided that the respective subscriber or user received clear and complete information according to the Directive 95/46/EC, inter alia, regarding the scope of processing by the data controllers.

Therefore, by these amendments a controversial issue at the legislative level was decided, respectively, which is the applicable legislation to a website operator, USA or other non-EU entity whose users are from the EU?

If the site users are from the EU, it is applicable in this field the reference legislation, respectively the Directive 2002/58/EC- regarding data protection. Art. 29 of the working group (WP) expressly mentions the fact that the directive regarding data protection shall apply to the non-EU operators of a website, including the ones in the United States of America, due to the fact that introducing and using the cookies is made on equipments located in EU.

Should sending a text file installed on a hard-disk from a computer located in an EU state cause the receipt and sent back of information to a server located in another country, art. 29 of the working group provide that the national legislation of the user of the computer is applicable, in this case the EU legislation.

Therefore, the observance of the conditions regarding the observance of the EU legislation regarding the cookies is not difficult! The confidentiality policy of website operators shall need to be adapted in such a way to offer more detailed information regarding the use of cookies than the ones offered now. In addition, it will require a form of site-banner or pop-up notification seeking to obtain the consent of the user regarding the use of cookies.