Contents
Cookies are mentioned only once in the GDPR (General Data Protection Regulation), but the repercussions are significant for any organisation that uses them to track users’ browsing activity. In short: when cookies can identify an individual via their device, it is considered personal data.
What is sensitive personal information under CPRA?
This harms-based concept is present under the CPRA, where “sensitive personal information” is defined as any personal information that reveals an individual’s: Government ID — a consumer’s Social Security, driver’s license, state identification card, or passport number.
What do you need to know about the EU Cookie Law?
In this article, we look at the ePrivacy Directive – also known by the name “EU cookie law”. What is the EU cookie law? The EU cookie law, known also by its official name the ePrivacy Directive, is a vital piece of legislation to ensure data privacy in the European union, an effort to secure EU citizens’ privacy online.
What kind of Technology is covered by the cookie law?
There are other technologies, like Flash and HTML5 Local Storage that do similar things, and these are also covered by the legislation, but as cookies are the most common technology in use, it has become known as the Cookie Law. All websites owned in the EU or targeted towards EU citizens, are now expected to comply with the law.
As an EU directive, member states were forced to make their own provision as to how this ruling was implemented. This meant that the cookies enforcement directive got off to inauspicious start, being implemented severely in some countries and not at all in others. In the past year or so, cookies notifications have become more commonplace.
The ePrivacy Directive states that no cookies and trackers must be placed before prior consent from the user, besides those strictly necessary for the basic function of a website, i.e. that a website has to hold back all cookies, regardless of whether they contain personal data or not, until a user consents.