The Court of Justice of the European Union (the ‘CJEU’) has recently delivered an important judgement on the storage of cookies and the requirement of active consent from internet users. It sets an important legal precedent in the ePrivacy area. This article provides a brief overview of the case and takes a look at the key takeaways from the CJEU’s judgement.
The internet is something which we cannot live without today and website browsing has become an inherent activity in our everyday lives. We are increasingly being bombarded with information, mainly in the form of adverts, which to most of our surprise contain information about services and products of companies which we then realise we would have recently looked up on the internet. This phenomenon is made possible by a minuscule text file which has been stored on a website user’s device, commonly known as a “cookie”. These cookies are generated by web servers when one accesses an internet page and gathers various types of information used for different purposes, but largely for tracking a user’s activity while browsing the internet.
This is deemed to be an interference in the right to private life. It is, in fact, the aim of European Union (the ‘EU’) legislation on electronic communications, to provide protection to a website user against any interference with his or her private life, in particular from the risk of hidden identifiers or other similar devices, such as cookies, from entering a users’ terminal equipment without their knowledge.
In the Case C-673/17 Bundesverband der Verbraucherzentralen und Verbraucherverbände ̶ Verbraucherzentrale Bundesverband eV v Planet49 GmbH, (the ‘Planet49 Case’), the CJEU dealt with such an issue. It interpreted legal provisions in the electronic communications privacy context; Directive 2002/58/EC (the ‘e-Privacy Directive’) which are to be read in conjunction with the provisions of Directive 95/46/EC, now the infamous Regulation (EU) 2016/679 (the ‘GDPR’).