Finally some definitive policy on cookie tracking that can be used to as
set European standards. Lots of confusion in recent weeks and this goes a long way to fixing up the confusion.
The Article 29 Data Protection Working Party has released an Opinion on Cookie Consent Exemption (adopted 7 June 2012)
(thanks to W3C Pubic Privacy List)
Link to the opinion:
Link to the press release:
Summary and Guidelines On Classifying Cookies:
“This analysis has shown that the following cookies can be exempted from informed consent under certain conditions if they are not used for additional purposes:
1) User input cookies (session-id), for the duration of a session or persistent cookies
limited to a few hours in some cases.
2) Authentication cookies, used for authenticated services, for the duration of a session.
3) User centric security cookies, used to detect authentication abuses, for a limited
4) Multimedia content player session cookies, such as flash player cookies, for the
duration of a session.
5) Load balancing session cookies, for the duration of session.
6) UI customization persistent cookies, for the duration of a session (or slightly more).
7) Third party social plug-in content sharing cookies, for logged in members of a social network.”
The working party recalls that third party advertising cookies cannot be exempted fromconsent, and further clarifies that consent would also be needed for operational purposes related to third party advertising such as frequency capping, financial logging, ad affiliation, click fraud detection, research and market analysis, product improvement and debugging.
(thanks to W3C public policy WG for the good news)