Despite some inaccurate press, the revised text of the ePrivacy directive does not require an opt-in for cookies. However, the text of the revised directive may be misunderstood especially if the preamble of the new directive is not transposed into national law. So national governments need to take great care when implementing the new law, in order not to jeopardise the development of the Internet and the information society.
In its Article 5(3), the ePrivacy directive outlines strong safeguards to protect users from unwanted software such as adware, junk, or even viruses and spyware, requiring software vendors to seek their consent.
So now, if a user configures his or her browser to accept only cookies from certain websites, or automatically delete cookies when closing a browser, these settings will be sufficient as expressing the wish of the user. Websites technologically rely on browsers and other applications for cookie management. The current directive had a blind spot in this regard as it did not explicitly recognise cookie control tools as a way to comply with the law. The new directive clarifies this, but it's important that implementation into national laws follows the letter and spirit of this goal.