WEBGUIDE

Page tree

Versions Compared

Old Version 6

changes.mady.by.user Deborah FORSYTH

Saved on

compared with

New Version 7

changes.mady.by.user Alice BOURROUET

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Rules

Warning

Use of the cookie consent kit is mandatory on each page of the European Commission web presence, regardless of the cookies used.

Purpose

The EU institution must adequately inform users and obtain their consent before setting cookies and any other technology falling within the scope of Article 5(3) of the ePrivacy directive. By default, none of those cookies must be set.If a website uses site-specific cookies, it requires a dedicated cookie notice page (it must not simply link to the general cookie notice page), listing .

Rules

For all Commission owned websites within the europa.eu domain, consent is managed centrally on domain level by implementing the Cookie Consent Kit. The consent indicated via the mandatory cookie consent kit covers the domain europa.eu.

All cookies within the europa.eu domain, placed by Commission-owned websites, are described on the Commission central cookie policy page: https://ec.europa.eu/info/cookies_en

Regarding the actual cookies on a specific site, the site owner has to check whether the cookies used are already mentioned on the corporate cookies page. If not, DG COMM should be contacted with an inventory of all first- and third-party cookies with providing information on their purpose, the type of data collected, stored or transmitted by cookies, data retention period, and their legal basis. The page must also provide means for consent management.

Exemptions on Europa

In line with Article 5(3) of the ePrivacy Directive, consent is not required for technical storage or access of the following cookies:

  • cookies used for the sole purpose of carrying out the transmission of a communication
  • cookies that are strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service

Examples of cookies that generally do NOT require consent:

  • user input cookies, for the duration of a session
  • authentication cookies, for the duration of a session
  • user-centric security cookies, used to detect authentication abuses and linked to the functionality explicitly requested by the user, for a limited persistent duration
  • multimedia content player session cookies, such as flash player cookies, for the duration of a session
  • load balancing session cookies and other technical cookies, for the duration of session
  • user interface customisation cookies, for a browser session or a few hours, when additional information in a prominent location is provided (e.g. “uses cookies” written next to the customisation feature)

...

the lifetime of the cookie.

Procedure

These procedures are dedicated to external and internal developers and web masters of the European institutions. Consequently, features documented below are tailored to the European Commission's content management systems and internal guidelines.

Implementing user consent should be done by implementing the Cookie Consent Kit.

The cookie consent solution is a JavaScript‑based kit that, after some site‑specific configuration, will automatically add a header banner to the page. This header banner will disappear once the user has accepted or refused the cookies used on the website.

This solution provides the following functionalities:

  • JavaScript to display automatically the header banner in 24 languages
  • a wizard to declare your cookies and the link to your cookies notice page
  • a JavaScript API with methods and functions that help to prevent prior storage of cookies
  • a corporate‑consent cookie to remember the choice of the user across websites
  • a template for the cookie notice page

...

Directive 2009/136/EC (ePrivacy Directive)

...