Why are websites suddenly asking me about cookies?

I have for a long time known that websites give me cookies so that small pieces of information can be remembered about my habits, passwords etc. I accept this, but all of a sudden they are asking for my permission to do so.

Why has this changed? What sparked this?


This question was a Super User Question of the Week.
Read the blog entry for more details or contribute to the blog yourself


Solution 1:

The EU e-Privacy Directive, otherwise known as the EU Cookie Law, originally came into place on the 26th of May 2012 and means you, as the site owner/administrator, have to get your visitors' informed consent before placing a cookie (probably related to social media elements or login/tracking systems) on their machine.

If you are a WordPress admin, there is a notification plugin for you to use which looks like this:

enter image description here

There is also a great overview.

According to the above link, it is not just standard cookies.

The law also affects anything that acts like a cookie, for example: Flash Cookies and HTML5 Local Storage.

There are also 'suggested categories' from the same link above (overview):

  • Essential (logins)
  • Non-Essential but harmless (functionality, not essential)
  • Fairly Intrusive (web tracking)
  • Very Intrusive (PII - personally identifiable information)

Solution 2:

The law has changed.

Functional cookies are still allowed, but other cookies now require explicit permission to set. This is something which is decided EU wide after self regulation failed. Each (EU-) country has its own implementation of the new laws, but all follow the same guidelines.

  • If explicitly needed: allowed
  • Else ask for permission.

Here are a few links to relavant articles regarding Cookie Laws:

  • PDF: Aricle 29 Data protection working party
  • The new EU cookie law
  • Websites ignore cookie law (in Dutch)
  • Site to check your site for cookies (in Dutch)
  • OPTA starts checking website for cookielaw (in Dutch)

Solution 3:

It's as a result of the European Union e-Privacy Directive.

You must tell people if you set cookies, and clearly explain what the cookies do and why. You must also get the user’s consent. Consent can be implied, but must be knowingly given.

There is an exception for cookies that are essential to provide an online service at someone’s request (eg to remember what’s in their online basket, or to ensure security in online banking).

The same rules also apply if you use any other type of technology to store or gain access to information on someone’s device.