Under European Union (EU) law, the ePrivacy Directive complements the GDPR and sets out specific privacy rights and obligations on electronic communications. The purpose of the ePrivacy Directive – also known as “EU cookie law” - is to protect individuals from having information placed on their devices or accessed on their devices that may interfere with the confidentiality of their communications, and therefore affect their right to privacy. This Directive treats cookie identifiers as potential personal data, highlighting the need for clear user consent and stringent privacy protections, irrespective of whether personal data are involved.

However, it is important to highlight that CERN, as an international organisation, is not subject to national or EU law, including the ePrivacy Directive.

Nevertheless, the analysis of the main principles and requirements of the ePrivacy Directive is considered relevant to benchmark best practices. The recommendations outlined in the Cookies Guidance reflect this understanding.