EU Legal framework for web tracking
In the EU, two key laws govern web tracking: the ePrivacy Directive (1) and the GDPR (2). Both must be adhered to for compliance with the EU data protection legal framework.
ePrivacy Directive: setting a cookie
The ePrivacy Directive (§5.3) regulates the use of cookies and trackers on users’ devices. It requires informed consent from a user before a cookie is set on a user device (i.e., before information is stored on or accessed from a user device).
As a general rule, using JENTIS on the client side requires explicit and informed consent of the end user to comply with ePrivacy / TTDSG requirements.
As an exception to this rule, consent is not required for “technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.”
It may be possible to configure JENTIS so that the access to and subsequent storage on the end user device may be deemed to fall under this exception from consent on the basis of being technically required or strictly necessary. For example, where accessing the user device is required to set the JENTIS Tag Management as a container solution or for the purpose of connecting the website to a Consent Management Provider, consent under ePrivacy / TTDSG may not be required.
GDPR: personal data processing
Once cookies are placed, the GDPR governs the processing of any personal data collected via a website.
Key requirements include:
Legal basis: Data processing must be justified by either consent, performance of a contract, or legitimate interest. The legal basis must be documented.
Transparency: Users must be informed about what data is collected, how it is used, and their rights.
Controller responsibility: A controller is responsible for determining the legal basis, purposes and means of processing personal data and ensuring compliance with data protection laws, including informing individuals about data use and safeguarding their rights.
JENTIS may be used to process data on the legal basis of legitimate interest. It is also technically possible to automatically integrate an opt-out possibility via the Consent Management Provider.
JENTIS SaaS offers very broad configuration possibilities. To determine whether a specific configuration of JENTIS would require consent under ePrivacy & TTDSG or under GDPR, we strongly recommend involving your data protection team for a qualified expert opinion.