2012
Newcomer II

GDPR and Getting Consent from end users on the use of Cookies and PII

Hello All,

 

Now that under GDPR cookies and IP addresses come under PII, any advice from those who have implemented GDPR-related changes in their organization on the following:

 

1. Most sites now rely on the use of cookies to identify if the user is a first-time user or not. Authenticated users are 'cookied' to verify on repeat visits. Does an org have to get explicit consent on the use of cookies at their web site on the first visit and the policy on the use of cookies, including the use of third-party cookies the org may utilize for analytics? Do we need to store the data subject's consent to the use of cookies once the user's identity is known to the org (i.e., after the user has signed up for a service)?

 

2. When collecting PII, most web sites have the users click on a check box for Terms and Conditions. Is a separate check box needed to get consent from the user on the use of their PII data? The page where PII is collected and where the user logs in later on will also have a Privacy Policy that will include statements on the legal basis for collecting, processing and storing, sharing with third parties and their rights on the PII.

 

Any comments on the above will be greatly appreciated.

 

Thank you.

2 Replies
flyingboy
Newcomer III

Other than GDPR requirements, all businesses in the European Union (EU) must comply with the 2009 E-Privacy Directive (EU Cookie Directive). Obtain consent before sending information through cookies. This law requires websites to obtain consent from visitors to place cookies which store or retrieve information on a computer or other web-connected device.

 

In January 2017, the European Commission published a draft ePrivacy Regulation as part of a process to replace the current ePrivacy Directive, aiming to consolidate member state implementation and align with the General Data Protection Regulation, which comes into force in May 2018. In its latest, the full plenary of the European Parliament has voted to move forward with its version of the ePrivacy Regulation and enter into negotiations with the EU Council and EU Commission on a final text of the legislation.

 

When implementing cookies in our deployments, we will need to watch this space in meeting all EU requirements.

 

 

Best regards.

2012
Newcomer II

Thank you. I will browse through the ePrivacy regulation.