Does the EU cookie law apply to an EU site that is hosted outside of the EU?
I have been reading up about this EU cookie law, and have also had in-depth conversations with my girlfriend, who is a solicitor/lawyer, and with colleagues while building websites. While we are now working towards implementing a way to abide by the EU law, I have thought of something which no one really knows the answer to and which has caused a few arguments.
It's my understanding that any website in the EU must abide by these cookie laws, which is understandable. However, say if I were to have a .co.uk or .eu domain name pointing to a website which is hosted in America for example, do I still need to abide by the EU laws even though the website is hosted outside of the EU? One person I have asked has said that because the domain name is .co.uk or .eu (a European TLD) then the website is still accountable under EU law. Another person I have asked has said because the actual website is held outside of the EU, it doesn't actually have to bother with this law.
More posts by @Shakeerah822
7 Comments
In 2015, Belgium applied the law to Facebook. This means that as a country they were unhappy with a cookie which was tracking non-users of the site.
It's an example of a highly intrusive cookie that the country felt shouldn't be applied to non-users.
The Belgian Privacy Commissioner had used the EU law to file the complaint with a fine of 250,000 Euros per day for noncompliance. Facebook have since changed the cookie behaviour for Belgian internet users only.
Facebook have offices in Europe therefore they are under European law. Therefore another privacy commission in the EU could apply the law against Facebook as Belgium have.
If you are based in the EU you must comply, regardless of your data center being outside the EU.
It is down to each EU state's own privacy/information commissioner to apply the EU law.
Who is affected by the EU cookie law? Answer: any website serving to visitors from the EU.
Source:
We're outside of the EU, are we affected?
The law is designed to protect the privacy of individuals within the
EU. In theory, this means that any website that serves EU citizens,
has to comply with respect to those citizens, regardless of who owns
the website.
In practice, as enforcement is on a country by country basis, any
company which has no legal EU presence, is going to be very hard to
pursue a case against.
This is one reason that a lot of commentators have suggested it hands
advantages to non-EU businesses. A website owned by a US company can
avoid the law and still serve content to the EU, whilst gathering
better information about visitors and enabling them to avoid
compliance notices.
Well if you don't live in the EU or do business in the EU, and unless the country you live in is going to extradite you, it doesn't matter if the EU courts try to fine you...just ignore it (and don't go to Europe).
As I understand the law, it only applies if your business is located in the EU, or of course if your business owns subsidiaries in the EU. The only reason Microsoft would have to comply with EU laws is because they have offices and stores and are registered as a corporation in probably all of those countries. If, for instance, your company has one office and it's located in America, there's nothing the EU can do no matter what they say.
Actually it applies to every website in the world, in theory, if they deal with customers in the EU. Theoretically any website is liable.
I will say it depends on where the business responsible for the site is based. A few months ago I ran into trouble with a well-known third-party advertisement service (not Google), and for you to have an idea, the Data Protection Commissioner (Information Commissioner's Office) could not reach them or even demand that they hand over certain information, simply because in their T&C they state that any legal proceeding should be carried on in the country where they are based.
They are not required to comply with local or EU laws, but yes, they can operate a .ie or, in your case, a .co.uk domain name; they can even host the site in your country. The thing is where they are based.
There is a massive gap due to the fact that the ones writing these rules don't know how to send an email... Today, a business can be registered in India (due to low tax) have a website hosted in US (good price) and operate a .co.uk domain name (their target audience).
"An organisation based in the UK is likely to be subject to the
requirements of the Regulations even if their website is technically
hosted overseas."
The "based" is too vague and poor: based as in registered business? Hosted? Domain name? Target audience?
All this without thinking that instead of a .co.uk you can operate a .com that is just targeted for people in the UK.
In my opinion, IF you have a .co.uk and you are "based" in the UK (as in living there), you should follow the laws, just because it is easy to find out who owns the domain name, and maybe where it is hosted.
IF the site under a .co.uk is hosted outside AND they can't find where you are "based" (as in you are not living there), you can avoid complying with these rules.
The fine can be a maximum of £500,000 IF you know that you were doing something wrong and the level of the wrongdoing was such that it was causing distress among your users.
• Monetary penalty notice: a monetary penalty notice requires an
organisation to pay a monetary penalty of an amount determined by the
ICO, up to a maximum of £500,000. This power can be used in the most
serious of cases and if specific criteria are met, if any person has
seriously contravened the Regulations and if the contravention was of
a kind likely to cause substantial damage or substantial distress. In
addition the contravention must either have been deliberate or the
person must have known or ought to have known that there was a risk
that a contravention would occur and failed to take reasonable steps
to prevent it.
In my own experience the website was not accountable because it was, and I quote, "... outside of EU jurisdiction..."
The UK Information Commissioner says in their guidance document on cookies:
"An organisation based in the UK is likely to be subject to the
requirements of the Regulations even if their website is technically
hosted overseas."
So it depends on where you are based, not where you are hosted.
No one will actually be able to answer this until there is a test case in front of a court, then there is a separate question of how enforcement will work.
I would suspect that the likely outcome of any case will be that any website
hosted on a European domain name or server will be covered by the law, and this will be
enforced by the registries.
Equally I suspect that anyone with a business entity, tax base, or whose
primary customer base is within the EU will also be covered by the law.
Facebook and Microsoft have both been subjected to EU laws on privacy and competition despite being mainly US based companies with European subsidiaries.
In short, it's probably much easier and less costly to comply with the law than work out if you have to comply with the law!