The Article 29 Working Party (composed of representatives of data protection supervisory authorities from EU member states) issued on 17th February 2015 a press release on a study on the use of cookie modules (small files, comprised of letters and numbers, stored on users’ computer, mobile phone or of other equipment used to access the internet).
At the end of 2014, 478 websites frequented by European users were subject to verifications in order to check compliance with the provisions of Directive 2002/58/EC, as modified by Directive 2009/136/EC. These directives were transposed into national law through Law no. 506/2004 on the processing of personal data and the protection of private life within the electronic communications’ sector, as modified and amended through Government’s Emergency Ordinance no. 13/2012.
In accordance with the provisions of article 27 of Law no. 677/20001 on the protection of individuals with regard to the processing of personal data and the free movement of such data, with the subsequent modifications and amendments, the National Supervisory Authority for Personal Data Processing carried out in 2015 investigations on the observance of the conditions of processing personal data as provided by Law no. 506/2004, modified and amended.
The activities of the main telecommunication services providers were the object of these investigations on the use of cookie modules on their own websites. Following these investigations sanctions were applied to a total amount of 68.500 lei for the offence provided in article 13 paragraph (1) letter i) and cumulatively failing to observe the conditions provided in article 4 paragraph (4) of Law no. 506/2004, as modified and amended.
The National Supervisory Authority also informs that similar themed investigations were carried out at data controllers in both the public and private sector. The NSAPDP applied sanctions on each occasion it noticed the offence provided by article 13 paragraph (1) letter i) of Law no. 506/200, as modified and amended.