A cookie is considered as any information stored in the users' terminal device, for instance on a PC or mobile device. Such information is used for various purposes (from enhanced functionalities to analytics, targeted advertising and product optimisation).
In a previous opinion (WP 194 of 7 June 2012), the Working Party distinguished between types of cookies and analysed whether consent was always required (See, VBB on Belgian Business Law, Volume 2012, No. 6, p. 6-7, available at www.vbb.com). Despite the fact that Article 5.3 of Directive 2002/58/EC (the "ePrivacy Directive"), allows for certain exemptions, the Working Party is of the opinion that users should, as a general rule, always have the opportunity to consent to having a cookie stored on their terminal equipment.
According to the Opinion, cookie consent should include each of the following elements:
Necessary information includes the purpose(s) of the cookies, whether third parties will place cookies on the users' device or whether third party can access data collected by the cookies on the website. In addition, the information such as the retention period, typical values, and, if relevant, details of third-party cookies and other technical information are required to inform the users fully.
Users should give their consent before the data processing starts. Therefore, consent should be sought before cookies are set or read. As a result, a website should deliver a consent...