How should cookies be stored

The implementation of the EU cookie directive in Germany

Previous drafts of the e-privacy regulation accepted General ban on technically unnecessary cookies before, with the exceptionthat users agree to their use in advance. The first draft only spoke of web applications. The version of March 22, 2018 includes all types of machine-supported communication, e.g. apps, e-mail and the collection of metadata for VoIP phone calls. This also applies to the communication between two machines, so-called M2M communication.

The e-privacy regulation should too international providers interested in communication services. Because the regulation stipulates that the regulations apply as soon as a End device within the EU borders is located. It is irrelevant where the data processing of a controlled service takes place.

For example, data protection in the USA is less stringent. Since the scope of the ePrivacy Regulation applies as soon as a terminal device accesses communication services in Europe, American companies will have to consider whether you want to use your offers with regard to cookies localize for Europe and thus be able to place less targeted advertising or whether they might confront customers with a “payment barrier”.

The first draft of the e-privacy regulation required that the manufacturer should generally preset the highest level of privacy in the browser settings. The browser accepts this no third party cookies. This means that the currently widely used cookie banners would no longer apply, as users would have to actively choose to accept cookies each time they install software. This requirement was based on the principle "Privacy by design", Which is already laid down in the GDPR. A more recent draft, however, relaxed the rules for browser settings. This lets users decide from domain to domain whether they allow cookies.

The so-called Coupling ban stipulates that the use of a website must not be made dependent on whether users consent to the use of cookies. There are, however legitimate purposes, which may require necessary cookies. For example, if a user has to authenticate himself for online banking or if he wants to use the shopping cart of an online shop, cookies are often necessary. If website operators provide users with clearly understandable information about the purpose, consent and use can be linked.