New Cookie Law in the Netherlands

Back to articles

6 September, 2012

The new Dutch Cookie Law entered into force on June, 5 2012, and continues to cause a lot of confusion. Especially website administrators are often unsure as to what is expected of them to be compliant to the new Cookie Law. Below, is a short overview of what the new Cookie Law will entail for you and your website, and how you can comply with it.

 

Who does the Cookie Law apply to? 

All Dutch websites using cookies have to comply with the Cookie Law. Foreign websites that target the Dutch market have to comply as well.

 

What does the Cookie Law apply to?

The new cookie legislation does not only apply to cookies and is therefore more than a ‘Cookie’ Law. This law also applies to any form of posting or reading of data on a user’s computer; flash cookies and web beacons also fall under the scope of the Cookie Law as well, just as ‘device fingerprinting’.

 

What are the consequences if I do not complying with the law?

OPTA, the Dutch supervisory authority, can fine you for up to 450,000 euros.

 

What is expected of you?

As a website administrator, two actions are expected of you: you have to inform the visitor of your website about the cookies you use, and you have to ask permission to place cookies. Both of these actions have to be done before any cookies are placed.

 

How should I inform my users?

It has to be clear for the visitors of your website what the cookies that will be placed actually do. By placing a ‘cookie-message’ in a header, footer or by using a flash page, it is clear for a consumer that your website uses cookies. For more information, the user can be directed to your ‘cookie policy’. Make sure this information is easy to find, for example by placing a link to the policy in the cookie message.

 

How should I ask for permission?

Although there are many different types of cookies, permission is required for all of them, except one. Cookies that are strictly necessary for the website to work (such as cookies used for online shopping carts) are exempted from the Cookie Law.

 

Additionally, for ‘tracking cookies’ a stricter regime applies as of January 1st, 2013. It is likely that unambiguous consent will be required for those cookies (opt-in).

 

Whether, and how, you should ask for permission depends on the type of cookies you use. Browser-settings are not a sufficient basis to deduce consent from, which means the administrator has to actively ask for permission. Although there are different methods to ask the user’s consent, here are the two safest ones:

–           Do not enable visitors to use your website until they have accepted your cookie;

–           Let visitors choose to either accept the cookies used, or not accept the cookies used.

 

These option might not be user friendly enough, or might cause problems for your website. Depending on what type of cookies you use, Considerati can provide specific advice. This way, you can avoid to miss opportunities or having visitors leave your website because of a too strict cookie policy.

 

Where should I start?

If you want to be compliant with the Cookie Law, you should take the following steps:

 

1. Identify what type of cookies your websites uses
Ask your IT-department and/or your website designer what cookies your website places on a visitor’s computer. Make sure to include cookies used by third parties!

 

2. Classify these cookies by their function
What purpose do those cookies serve? Make a distinction between cookies that are ‘strictly necessary’, tracking cookies, and remaining cookies. Tracking cookies are all cookies used to monitor a user’s behaviour over different websites, such as advertisement cookies or analytic cookies.

 

3. Create a cookie policy, based on the used cookies
In this policy, you should inform the user about the type of cookies your website uses, how long those cookies will be saved and how these cookies may be removed.

 

4. Decide how you will inform your user, and how you will ask for permission
Opt for a solution that fits you; splash pages, headers, footers or a plug-in from a third party. Every option has its benefits and drawbacks. Considerati can be of service in informing you on all your options.

 

5. Implement your solution
Test and then implement the solution.

 

Questions?

Considerati can provide tailored and detailed advice, and set up the best plan to apply the new Cookie Law to your website. Fore more information contact wagemans@considerati.com.

,

Considerati20150514_-Nathalie0003
Nathalie Falot

Senior Legal Consultant

Related blogs

What to expect from privacy in 2014

2013 was a tumultuous year with regards to privacy. But what can we expect in 2014? Has the privacy...

Read more

ECJ: European Data Retention Directive is invalid

On 8 April 2014, the European Court of Justice ruled that the Data Retention Directive (Directive...

Read more

Like to be emailed about Considerati news?

Then subscribe to the Considerati Newsletter! See our privacy statement.