Last October 2, Article 29 Working Party (“Article 29 WP”) issued the Working Document no. 02/2013 providing guidance on obtaining consent for cookies.
Article 29 clarified that, according to the “opt-in” rule (i.e., prior and express consent) set forth by e-Privacy Directive (Directive 2002/58/EC as amended by 2009/136/EC) for the storage of, or access to, cookies and similar technologies, the mechanism for obtaining consent to cookies must fulfil the following requirements:
1. Specific information
2. Prior consent
3. Consent give in a positive way
The process by which users could express their consent for cookies would be through a positive action or other active behaviour. Tools to reach the consent may include browser settings, splash screens, banners, modal dialog boxes, etc. Consent can be expressed clicking on a button or link or ticking a box close to the space where information is provided or by any other active behaviour which can be unambiguously interpreted as user’s consent.
4. Freely given consent
The user should be allowed to freely choose to accept all or some cookies or to decline them and to change settings for cookies in the future. Website operators should not condition the “general access” to their websites on the acceptance of all cookies. However, the access to certain contents of the website can be limited if the user does not consent to cookies. Article 29 WP makes the example of e-commerce websites, whose main purpose is to sell products: in this case, not accepting non-functional cookies should not prevent the user from buying products on this website.