A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time.
Most browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like.
The EU institution must adequately inform users and obtain their consent before setting cookies and any other technology falling within the scope of Article 5(3) of the ePrivacy directive. By default, none of those cookies must be set.
In case a website uses site-specific cookies, it requires a dedicated cookie notice page (it must not simply link to the general cookie notice page), listing all first- and third-party cookies with information on their purpose, type of data collected, stored or transmitted by cookies, data retention period, and their legal basis. The page must also provide means for consent management.
Exemptions on Europa
In line with Article 5(3) of the ePrivacy Directive, consent is not required for technical storage or access of the following cookies:
- Cookies used for the sole purpose of carrying out the transmission of a communication
- Cookies that are strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service
Examples of cookies that generally do NOT require consent:
- User input cookies, for the duration of a session
- Authentication cookies, for the duration of a session
- User centric security cookies, used to detect authentication abuses and linked to the functionality explicitly requested by the user, for a limited persistent duration
- Multimedia content player session cookies, such as flash player cookies, for the duration of a session
- Load balancing session cookies, for the duration of session.
These procedures are dedicated to external and internal developers and web masters of the European institutions. Consequently, features documented below are tailored to our content management systems and internal guidelines.
Implementing user consent should be done by implementing the Cookie Consent Kit.
This solution provides the following functionalities:
- a wizard to declare your cookies and the link to your cookies notice page
- a corporate consent cookie to remember the choice of the user across websites
- a template for the cookie notice page
Guidelins and References
Directive 2009/136/EC (ePrivacy Directive)
Regulation (EU) 2018/1725 (Data protection regulation for EU institutions)
EDPS Guidelines on the protection of personal data processed through web services provided by EU institutions
Documentation Cookie Consent Kit