6 September, 2012
The new Dutch Cookie Law entered into force on June, 5 2012, and continues to cause a lot of confusion. Especially website administrators are often unsure as to what is expected of them to be compliant to the new Cookie Law. Below, is a short overview of what the new Cookie Law will entail for you and your website, and how you can comply with it.
Who does the Cookie Law apply to?
All Dutch websites using cookies have to comply with the Cookie Law. Foreign websites that target the Dutch market have to comply as well.
What does the Cookie Law apply to?
The new cookie legislation does not only apply to cookies and is therefore more than a ‘Cookie’ Law. This law also applies to any form of posting or reading of data on a user’s computer; flash cookies and web beacons also fall under the scope of the Cookie Law as well, just as ‘device fingerprinting’.
What are the consequences if I do not complying with the law?
OPTA, the Dutch supervisory authority, can fine you for up to 450,000 euros.
What is expected of you?
As a website administrator, two actions are expected of you: you have to inform the visitor of your website about the cookies you use, and you have to ask permission to place cookies. Both of these actions have to be done before any cookies are placed.
How should I inform my users?
How should I ask for permission?
Although there are many different types of cookies, permission is required for all of them, except one. Cookies that are strictly necessary for the website to work (such as cookies used for online shopping carts) are exempted from the Cookie Law.
Additionally, for ‘tracking cookies’ a stricter regime applies as of January 1st, 2013. It is likely that unambiguous consent will be required for those cookies (opt-in).
Whether, and how, you should ask for permission depends on the type of cookies you use. Browser-settings are not a sufficient basis to deduce consent from, which means the administrator has to actively ask for permission. Although there are different methods to ask the user’s consent, here are the two safest ones:
– Do not enable visitors to use your website until they have accepted your cookie;
– Let visitors choose to either accept the cookies used, or not accept the cookies used.
Where should I start?
If you want to be compliant with the Cookie Law, you should take the following steps:
1. Identify what type of cookies your websites uses Ask your IT-department and/or your website designer what cookies your website places on a visitor’s computer. Make sure to include cookies used by third parties!
2. Classify these cookies by their function What purpose do those cookies serve? Make a distinction between cookies that are ‘strictly necessary’, tracking cookies, and remaining cookies. Tracking cookies are all cookies used to monitor a user’s behaviour over different websites, such as advertisement cookies or analytic cookies.
4. Decide how you will inform your user, and how you will ask for permission Opt for a solution that fits you; splash pages, headers, footers or a plug-in from a third party. Every option has its benefits and drawbacks. Considerati can be of service in informing you on all your options.
5. Implement your solution Test and then implement the solution.
Considerati can provide tailored and detailed advice, and set up the best plan to apply the new Cookie Law to your website. Fore more information contact email@example.com.
Senior Legal Consultant
2013 was a tumultuous year with regards to privacy. But what can we expect in 2014? Has the privacy...