1. Definition of cookies
Cookies are small files placed on a subscriber's or user's computer which allow information about the user to be gathered. Cookies are typically used by e-commerce websites in order, for example, to remember certain user settings, such as language, or make the website more user-friendly (e.g. the content of a shopping cart will remain available when the user leaves the webpage).
Cookies can also be used for a variety of other purposes, such
as monitoring the user's internet behaviour in order to send
targeted advertisements (so-called behavioural advertising) or for
analytical purposes (e.g., analysis of the most visited pages on a
website, the success of an advertising campaign, etc.).
2. Previous rules
Until 4 August 2012, the Electronic Communications Act ("ECA") provided that the storage of and access to information (e.g., using cookies) on a subscriber's or user's computer were only allowed if:
- the user was provided with information about the use and purpose of the cookies, pursuant to general data protection legislation; and
- the user was given an opportunity to block cookies.
3. New rules
Following an amendment to the E-Privacy Directive 2002/58/EC, Belgium amended the ECA to incorporate the new rules.
Pursuant to these new rules, the storage of and access to information (e.g., using cookies) on a subscriber's or user's computer are now subject to the following conditions:
- the subscriber or user has given his or her consent to allow cookies, after having received the abovementioned information.
The subscriber or user must also have the possibility to further block cookies in a user-friendly way.
4. Exceptions to consent
The amended ECA provides that the subscriber's or user's prior consent is not necessary in two situations:
- the cookies are used for the sole purpose of transmitting a message over an electronic communications network; or
- the cookies are strictly necessary in order to provide an information society service expressly requested by the user.
In an opinion of 7 June 2011, the Article 29 Working Party (a European advisory group composed of representatives from national data protection authorities in the EU) commented on these two exceptions and concluded that, provided certain requirements are met, a series of cookies can benefit from the exceptions (e.g. session cookies that keep track of the content of a shopping cart, identify the user after he or she has logged in, or store a user's preferred settings such as language).
The Working Party is also of the opinion that certain cookies cannot benefit from the consent exceptions, mainly third-party advertising and analytical cookies, such as Google Analytics. For these types of cookies, prior consent will still be necessary.
The new rules entered into force on 4 August 2012. The amended ECA does not provide for a transition period, meaning websites should, in principle, have complied with the new rules since the above date. It is not yet clear whether, in practice, regulators will give businesses a reasonable period of time within which to amend their practices.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.