VAUNET position paper on the application of the so-called „EU Cookie Guideline“

Art. 5 (3) of the ePrivacy Directive (known as the „EU Cookie Directive“) sets out requirements for protection against read and write access to end devices, such as when „cookies“ are stored in web browsers. The directive requires that the storage of and access to information stored in smartphones and laptops, for example, requires user consent, unless storage or retrieval is absolutely necessary for the provision of the service.

The EDPB has now concretised its interpretation of these minimum requirements in guidelines based on a very broad understanding. According to this, Art. 5 para. 3 is also applicable if information is sent from the end device to, for example, website operators on the basis of general communication standards.

VAUNET welcomes the objective of protecting the privacy and integrity of end devices as comprehensively as possible. However, it also warns of the associated risk of making the exchange of information (HTTP header request), which is essential for communication on the Internet, subject to user consent.

This would lead to data protection requirements for the dissemination of media content that would inhibit action and be almost impossible to overcome, as it would be virtually impossible to obtain consent before each individual connection, for example. In addition, there is a risk of a large number of new content banners being created and the question of when it is still „absolutely necessary“ to access video content on websites being reviewed by the authorities.

The association also points out that the interpretation of the EU Cookie Directive must take into account the legitimate interest of media providers in refinancing their offerings to ensure diversity of opinion and media. The interpretation of the EDPB could also have a negative impact in this respect in view of the growing requirements for the use of advertising technologies in compliance with data protection regulations.