Use of the cookie consent kit is mandatory on each page of the European Commission web presenceDGs and executive agencies owned websites, regardless of the cookies used.
The EU institution must adequately inform users and obtain their consent before setting cookies and any other technology falling within the scope of Article 5(3) of the ePrivacy directive. By default, none of those cookies must be set.
If a website uses site-specific cookies, it requires a dedicated cookie notice page (it must not simply link to the general cookie notice page), listing all first- and third-party cookies with information on their purpose, type of data collected, stored or transmitted by cookies, data retention period, and their legal basis. The page must also provide means for consent management.
In line with Article 5(3) of the ePrivacy Directive, consent is not required for technical storage or access of the following cookies:
Examples of cookies that generally do NOT require consent:
Techniques other than cookies are often used in an attempt to circumvent the data protection related obligations. Therefore, all the following technologies fall under the category cookies and similar technologies:
Cookies and similar technologies that generally DO need consent:
Cookies and similar technologies that generally do NOT need consent:
Exceptionally, Data Protection Authorities consider that, due to the low risk for users, prior consent can be skipped in case of first party cookies used for anonymous, aggregate statistics under specific assumptions and safeguards. The web service must although provide the user with a simple, easy-to-use functionality to “opt out” from analytics.
The EU institution must adequately inform users and obtain their consent before setting cookies and any other technology falling within the scope of Article 5(3)
of the ePrivacy directive. By default, none of those cookies must be set.
Regarding the actual cookies on a specific site, the site owner has to check whether the cookies used are already mentioned on the corporate cookies page. If not, DG COMM should be contacted with an inventory of all first- and third-party cookies providing information on their purpose, the type of data collected, stored or transmitted by cookies, and the lifetime of the cookie.
These procedures are dedicated to external and internal developers and web masters of the European institutions. Consequently, features documented below are tailored to the European Commission's content management systems and internal guidelines.
Implementing user consent should be done by implementing the Cookie Consent Kit.
Directive 2009/136/EC (ePrivacy Directive)
Regulation (EU) 2018/1725 (Data protection regulation for EU institutions)
If you require further assistance, please contact:
Within the European Commission, the first level of contact for any data protection related issues is the DG's Data Protection Coordinator (EU Login required).
For adding new cookies that are not described on the central Cookies policy pages, please contact the team in charge of Europa Domain Management (EU Login required).