A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time.
Most browsers support cookies, but users can set their browsers to decline them and can delete them whenever they like.
remember users' custom preferences
help users complete tasks without having to re‑enter information when browsing from one page to another or when visiting the site later.
Cookies can also be used for online behavioural target advertising and to show adverts relevant to something that the user searched for in the past.
How are they used?
What are the different types of cookies?
A cookie can be classified by its lifespan and the domain to which it belongs. By lifespan, a cookie is either a:
session cookie which is erased when the user closes the browser or
persistent cookie which remains on the user's computer/device for a pre-defined period of time.
As for the domain to which it belongs, there are either:
first-party cookies which are set by the web server of the visited page and share the same domain
EU legislation on cookies
EUROPA websites must follow the Commission's guidelines on privacy and data protection and inform users that cookies are not being used to gather information unnecessarily.
The ePrivacy directive – more specifically Article 5(3) – requires prior informed consent for storage ofor access to information stored on a user's terminal equipment. In other words, you must ask users if they agreeto most cookies and similar technologies (e.g. web beacons, Flash cookies, etc.) before the site starts to use them.
For consent to be valid, it must be informed, specific, freely givenand must constitute a real indication of the individual's wishes.
However, some cookies are exempt from this requirement. Consent is not required if the cookie is:
used for the sole purpose of carrying out the transmission of a communication, and
strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service.
user‑input cookies (session-id) such as first‑party cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases
authentication cookies, to identify the user once he has logged in, for the duration of a session
user‑centric security cookies, used to detect authentication abuses, for a limited persistent duration
multimedia content player cookies, used to store technical data to play back video or audio content, for the duration of a session
load‑balancing cookies, for the duration of session
user‑interface customisation cookies such as language or font preferences, for the duration of a session (or slightly longer)
third‑party social plug‑in content‑sharing cookies, for logged‑in members of a social network.
Use on EUROPA
If you think a cookie is essential, ask yourself how intrusive it is: what data does each cookie hold? Is it linked to other information held about the user? Is its lifespan appropriate to its purpose? What type of cookie is it? Is it a first or a third‑party setting the cookie? Who controls the data?
Evaluate for each cookie if informed consent is required or not:
first‑party session cookies DO NOT require informed consent.
first‑party persistent cookies DO require informed consent. Use only when strictly necessary. The expiry period must not exceed one year.
all third‑party session and persistent cookies require informed consent. These cookies should not be used on EUROPA sites, as the data collected may be transferred beyond the EU's legal jurisdiction.
Before storing cookies, gain consent from the users (if required) by implementing the Cookie Consent Kit in all the pages of any website using cookies that require informed consent.
why cookies are being used, (to remember users' actions, identify users, collect traffic information, etc.)
if the cookies are essential for the website or a given functionality to work or if they aim to enhance the performance of the website
the types of cookies used (e.g. session or permanent, first or third‑party)
who controls/accesses the cookie‑related information (website or third‑party)
that the cookie will not be used for any purpose other than the one stated
This solution provides the following functionalities:
a wizard to declare your cookies and the link to your cookies notice page
a corporate‑consent cookie to remember the choice of the user across websites
a template for the cookie notice page.