Europe's top law-making body is working to bring its websites into line with the cookie-tracking laws it enforces on other entities.
Legally, the European Commission and the other European Union institutions, such as the Parliament, are not bound by the same data protection rules that apply to commercial companies.
Under the ePrivacy Directive, which was updated in 2009, web companies must obtain "explicit consent" from internet users before installing cookies on a computer to remember login details and other preferences relating to a particular website.
The only exception from the consent rule is if cookies are "strictly necessary" for a service explicitly requested by the user, for example, when a user clicks the "add to basket" button to buy goods from a website or asks it to remember language preferences.
But the law covering EU institutions dates from 2001, before the cookie and tracking rules were introduced. Commission officials said yesterday, however, that they are committed to updating their internal rules to bring them into line with the new rules on data protection.
"In the meantime, the Commission is working to ensure that all of its sites already comply with ePrivacy rules on cookies. The DG Justice website, for instance, is already fully compliant with the new rules," said a Commission spokesman.
The European Data Protection Supervisor, Peter Hustinx, said at the start of the week that he was working to prepare technical guidelines on tracking. He also said that Commission and Parliament data protection officers are also working on this.
"There is perhaps also a sense that the existing rule in the ePrivacy Directive is a bit too general and should distinguish between what is worrisome and what is less worrisome. However it is a situation that needs to be addressed," said Hustinx.