CookieLaw Blog October 16, 2015

Safe Harbour and Cookie Compliance

safe harbour small

As almost everybody with an interest in privacy will know by now, the European Court of Justice has recently declared the EU-US Safe Harbour mechanism invalid.  This has been widely used to manage the transfer of personal data from the EU to the US in the last 15 years.  Right now there is a huge uncertainty about what it means for business, and there is a lot of coverage both in the privacy world and mainstream media about the issue.

However, I don’t think anyone has given much thought to the impact on cookie compliance – until now.

Cookies are nothing more than a mechanism for transferring data between the client (end user device) and host server. If the website visitor is in the EU, and the cookie host server is based in the US, then there is a de facto transfer of data to the US. 

Of course, you might think you are hosting your website in the EU, so you are fine.  However, we know that most cookies on websites are actually third party (80% on average according to Cookiepedia).  These are the result of integrating software services and functionality into the site from a multitude of providers.  The vast majority of these services come from US based companies, and therefore most of the data transfer happening in an EU website, it likely to be to the US.

With cookies being read by servers every second, there are billions of these data transfers happening every single day.  So the bottom line is – any business with a website is potentially impacted by the Safe Harbour ruling.

Recent Posts


January 13, 2017
Future of EU Cookie Compliance Webinar: ...

GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...

View Article
Recent blog thumbnail
December 14, 2016
Draft EU ePrivacy Regulation Leaked...

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...

View Article
Recent blog thumbnail
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...

Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...

View Article
Recent blog thumbnail
September 21, 2016
Optanon Acquired by OneTrust...

We are pleased to announce that Optanon, along with parent company Governor Technology, has been acquired by OneTrust....

View Article

Be in the Know

Subscribe to our newsletter