What is the cookie law in South Africa? Many people ask us because the law relating to cookies is such a big issue in many other countries. Do you need to get a user’s (aka data subject’s) consent before using cookies? Are there any specific regulations?
What are cookies and why are they used?
Cookies make your life as a website user much easier because you do not have to log in every time you visit the same page. Your online experiences will be personalized to your preferences.
Types of cookies
There are different types of cookies saving different information and for different periods of time.
Period cookies are deleted at the end of a web sessions, while persistent cookies have a pre-determined expiry date and will appear until the expiry date is reached.
Does POPI apply?
POPI does not explicitly mention cookies, but POPI applies because:
a cookie can contain personal information,
the definition of personal information includes an online identifier, or
one of the duties of the Information Regulator is to monitor the use of unique identifiers (which includes cookies).
What about my personal information?
Cookies store certain personal information you provide on a website. This personal information can be processed if done so in accordance with the conditions of POPI.
Cookies do not generally store credit card information and account numbers but if they do the information must be protected securely.
Cookies only store information from your browser, they cannot access data on your hard drive. Cookies are text files that cannot transfer viruses to your computer or mobile device.
cookie lawEU ePrivacy Directive
The EU ePrivacy Directive (as amended by Directive 2009/136/EC) requires a data subject to give prior informed consent.
EU ePrivacy Directive Article 5(3) says, “the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information”
The Directive is not a law but failure to follow the directive will lead to action taken against the Member state. Member states must implement the directive into local laws.
This is contrary to the current South African position where consent is not needed.
South African cookie law position?