ePrivacy (EU Cookie) Directive Update

Screen Shot 2017-01-17 at 10.13.58 AM

On January 10, 2017, the European Commission released a proposed Regulation on Privacy and Electronic Communications (the “ePrivacy Regulation”) to replace the ePrivacy Directive (the “EU Cookie Directive”) to better align with the newly adopted EU General Data Protection Regulation and its Digital Single Market Strategy.

Over the past 18 months, the European Commision reviewed the ePrivacy Directive by conducting evaluations, consultations, and an impact assessment. The results informed the proposed Regulation.

TRUSTe has followed enforcement of the ePrivacy Directive (“EU Cookie Directive”) in both rounds of compliance inspections. As noted in this advisory, one of the big changes in the proposed Regulation will be more severe non-compliance fines and penalties than seen in the past. TRUSTe will continue to provide updates as this proposed Regulation goes through the EU legislative process.

The January 2017 TRUSTe Client Advisory Note was prepared by Josh Harris, Director International Regulatory Affairs, TRUSTe; and, by Joanne Furtsch, CIPP/US, Director of Policy & Data Governance, TRUSTe. It provides an overview of the proposed ePrivacy Regulation including: key changes between the existing Directive and the proposed Regulation; practical implications of the proposed Regulation, and timing. The Advisory also includes a list of key takeaways to help your company decide its next steps.

If you would like a copy of this latest Client Advisory Note then look out for your copy via e-mail today or contact TRUSTe at 1-888-878-7830.



Round II of EU Cookie Compliance Inspections


By Helen Huang, Senior Product Manager

In September 2014, the French Data Protection Authority, CNIL conducted a “cookie sweep” to review compliance with the EU Cookie Directive and published a combined analysis from 8 DPAs, including the Czech Republic, Denmark, France, Greece, The Netherlands, Slovenia, Spain, and the UK. The “cookie sweep” involved the CNIL conducting onsite and remote inspections to evaluate compliance with the latest EU cookie standards. The 2014 cookie sweep findings showed that many companies’ websites did not comply because insufficient notice and valid consent were being given to and/or sought from visitors. Many websites subsequently put in place compliance solutions as enforcement and possible fines continue to be very real. Details about the results of the initial sweep can be found here.

With the upcoming expanded and stricter consent requirements under the General Data Protections Regulation – the GDPR, as well as anticipated amendments to the EU Cookie Directive, it is worth paying closer attention to the actions and next steps needed to come into compliance with EU regulations.

On July 27, 2016, the CNIL announced a new round of cookie sweeps and cookie enforcement actions that will focus on specific industries: Ad Tech, Social Media and Analytics companies. The French Data Protection Authority recognizes the complexity of the online advertising ecosystem, and holds both publishers and their processors responsible for activity on a website.

Publishers should provide more information on the ad tech, social media and analytics partners they work and share data with, the nature of data collected and processed by them and the rights of the data subjects to object.

In terms of next steps, publishers partners should also “(i) assess their current cookie compliance strategy, (ii) update their publisher terms (where required) and (iii) equip publishers with actionable tool kits containing for instance FAQs, template end-user wording and means to object.” With CNIL as the lead DPA, companies should still expect different degrees of strictness and various ways to implement the consent mechanism in each EU member state.

When developing your cookie compliance strategy, one of the most critical requirements is to provide proper Notice, Consent, and Choice to visitors. Launched in 2011, TRUSTe Cookie Consent Manager has continued to keep pace with evolving laws and regulations, and has been enhanced to tackle the complex landscape and varying requirements of the EU countries. TRUSTe has deployed hundreds of cookie consent solutions for many of the world’s most recognized brands, enabling them to comply with the EU Cookie Directive. Click here to see a live demo and learn more about why TRUSTe Cookie Consent Manager is the trusted data privacy solution.

If you have any questions about consent requirements under the EU Cookie Directive or GDPR, please contact TRUSTe to learn more about how we can help.


Google AdSense Policy Now Requires Publishers to Obtain Consent from EU Visitors

This week Google announced it will be implementing a new user consent policy. Essentially, this new policy requires all websites serving EU visitors, including those not based in the EU, to comply with the EU Cookie Directive. Google posted the notice on its official AdSense blog.

In 2009 an amendment to an existing EU directive (the so-called Cookie Directive) introduced a requirement that companies provide “clear and comprehensive information” to users about the types of tracking technologies used on websites, including a way for users to “consent” to any cookies which are not “strictly necessary” for the delivery of an online service. The majority of EU Member States have now adopted their own Cookie Laws implementing the requirements of the Cookie Directive.

Here’s what AdSense has to say about this new policy:

Why are we doing this?

European Union data protection authorities requested some changes to current practices for obtaining end user consents. It has always been Google’s policy to comply with privacy laws, so we’ve agreed to make certain changes affecting our own products and partners using Google products.

What do you need to do?

If your websites are getting visitors from any of the countries in the European Union, you must comply with the EU user consent policy. We recommend you start working on a policy-compliant user consent mechanism today. There’s guidance from data protection authorities and IABs across Europe on what is required to comply with relevant laws; the IAB’s IAB Europe Guidance: Five Practical Steps to help companies comply with the E-Privacy Directive is a good place to start.


TRUSTe Helps IDG UK Earn The Trust Of Their Users And Deliver Best Practice In The Marketplace

IDG UK is the UK’s leading technology media company. Its brands span the tech media landscape across the enterprise, SMB and consumer sectors, making IDG UK the primary and most trusted reference source for technology news and trends in the UK. The company is part of IDG global, the world’s leading technology media, events and research company.

In early 2012, like every website owner in the UK, IDG UK faced the challenge of achieving compliance with the ‘Cookie Directive,’ which requires companies to obtain informed consent before placing tracking technologies on a consumer’s computer or mobile device.

A major online operator with eight web properties serving over 30 million ad impressions monthly, IDG UK decided not just to comply by the May 26th deadline, but to deliver best practices in the marketplace.

Dawn Briddon, IDG UK’s Chief Marketing Officer, said:

“TRUSTe clearly stood out from the crowd as the best partner, for several reasons. It was clear from the start that they didn’t see themselves as just a solutions provider but also a privacy consultant who was there to help us as a business identify the best privacy strategy and approach.”
“Their intricate knowledge of privacy legislation and the fact that they were in dialogue directly with the regulators such as the ICO [Information Commissioners Office] gave me a confidence, I hadn’t had up to that point, that we had found exactly the right approach.”

“TRUSTe’s Website Monitoring Service ensures we are identifying and disclosing dynamically all of the cookies operating on our sites. In addition, this service gives us a thorough insight as to who is dropping what cookies on our site and the control to identify anything that we aren’t happy with.”

“The TRUSTed Consent Manager provides users with full control and visibility on how their data is being used at any given time, and they can manage their preferences in exactly the way they want. It is a really user friendly tool and provides a lot of transparency about what we’re doing.” (more…)

Catch Us If You Can – April 2013

Melissa Pereira

Director of Corporate Communications | TRUSTe


TRUSTe's exibition as part of the Ad:tech tradeshow.

———April 9 -10

We kick-off April at Ad:Tech in San Francisco’s Moscone Center West. Stop by TRUSTe’s booth, #2215 to meet the TRUSTe team and learn more about how we’re providing leading privacy management solutions to the advertising ecosystem.

Catch a live demo of the TRUSTe Website Tracker Monitoring Service, an innovative monitoring product, which helps customers get detailed insight on the tracking technologies (such as cookies, flash cookies, pixels, web beacons and scripts) on their websites or ads. Receive a free scan report of your domain and learn how this product offers clients fully customizable scans, website performance analysis and immediate tracker alerting to name a few.

To celebrate our exciting new partnership during #Ad:tech SF, we’ll be hosting an invite only networking party with Nexage on Tuesday from 7-10pm at John Colins, San Francisco.

Join TRUSTe on Wednesday, April 10 at the Future of Privacy+Innovation event TRUSTe VP of Product Kevin Trilli will speak at the this UC Hastings Privacy and Technology Project event with Keynote Speaker Kamala D. Harris, California Attorney General at the Runway Workspace, San Francisco. (more…)