The cookies crumble – Sérvulo

EU Directive 2009/136/EC, dubbed the “Cookie” Directive, came into law in many European countries in May 2011. The rules state that any organisation using a cookie – a file downloaded onto a computer or mobile device to allow users to access certain websites – must seek consent from the users before installation.

En virtud de la Directiva de “cookies”, que se implementó en mayo de 2011, las páginas web deberán solicitar el consentimiento previo de los usuarios. Las empresas portuguesas cuentan con un plazo adicional, pero también tendrán que realizar los cambios previstos, afirma Rui Simões de Sérvulo.

Under the previous regime, organisations had to inform users how to “opt out” of their automatic cookies. “Most websites tended to bury this information in the small print of privacy policies. Now, instead, companies have to receive explicit clearance from users,” says Rui Simões, a Senior IP Associate with Sérvulo & Associados in Lisbon.
The rules apply to all websites, not just e-commerce, that store or gather information from users. As such, many websites could fall foul of the low-key and untested Directive. The UK’s Information Commissioner’s Office warned in May about the Directive’s hazy definitions. For example, how to evaluate what type of cookies a company uses, how much privacy protection cookies offer, the different ways user consent can get obtained and the use of third-party cookies.
Simões says Portuguese companies should take advantage of additional time to comply with the rules. The country is to hold a general election on June 5th, 2011, following a €78bn EU bailout to plug the holes in Portugal’s public finances, meaning implementation of the Directive is not an immediate concern.
The firm has nonetheless developed a three-step plan for clients in anticipation of the rules, he explains. “The first step is assessment; what cookies, if any, does a website have. Subsequently, companies need to review their website’s privacy policy and identify the risks, and finally correct those aspects that do not comply.” Companies may have extra time to make the changes, he concludes, but they must still be made.