A bit more nuance on "opting in" for cookies in Europe

We have received a dozen calls about the new “consent for cookies” language in the amended EU ePrivacy Directive.  Most press coverage has focused on a US centric perspective – the law was “opt-out” and now the standard will be “opt-in”!  Well, data protection law and policy  in Europe is more complicated than opt-in or opt-out.  In fact, some leading European thinkers will barely accept the notion of consent at all, as a basis for uses of data that are not otherwise ‘legitimate” or “proportionate” (Leading French Belgian privacy academic Professor Yves Poullet made this point last week to the Madrid Conference of data protection commissioners from around the world, with substantial agreement from many in the room).  Many national regulators, if asked, would have told you that the previous law already required an opt-in for certain kinds of cookie and data use.  So the situation is more nuanced, and if we can find a spare hour over the weekend, we will try to write something up.

One article that is a more informed read is this post from our friend Wim Nauwelaerts , a Brussels based privacy lawyer at Hogan & Hartson.  Check it out!