European Union: EU Privacy Regulations: Consent Requirements In An On-Line Environment.

Last Updated: 6 November 2013
Article by Felix Hofer

1. The Privacy Regulations in force within the European Union are currently contained in two Directives: (a) the original Data Protection Directive (No. 95/46/EC of 24 October 19952 "on the protection of individuals with regard to the processing of personal data and on the free movement of such data"), (b) the ePrivacy Directive, adopted a few years later (No. 2002/58/EC of 12 July 20023) with the specific intent to regulate "the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)".

Both Directives provide for a strict opt-in system and therefore require that "... that personal data may be processed only if: (a) the data subject has unambiguously given his consent" (so Article 7 of Directive No. 46/1996) and set (b) that " ... the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user" (so Article 5/3 of Directive No. 58/2002).

In 2009 Directive No. 2009/136/EC4 has amended the provisions of Article 5/3 mentioned above with the following wording: "Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia, about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service." In short, the provisions previously in force has been significantly strengthened by affirming the need of data subject's "informed prior consent" for placing any - not strictly functional – access mechanism on an end user's technical equipment.

No doubt, that in a society where more and more business activities are performed on-line, such consent requirements pose significant practical and technical challenges. In order to avoid differing interpretations and with the intent to offer useful guidance to the national Privacy Commissioners of the countries members to the European Union, the Article 29 Working Party5 has dedicated repeated efforts to the task of how consent should be obtained from data subjects in an on-line environment.

2. Already back in 2010 the Working Party explained – in its Opinion 2/2010 [WP 171] adopted on 22 June 2010 and focusing on online behavioral advertising – that the ePrivacy Directive, in its amended version, was clear about the fact that ".. an ad network provider who wishes to store or gain access to information stored in a user's terminal equipment is allowed to do so if: i) it has provided the user with clear and comprehensive information...., inter alia, about the purposes of the processing and; ii) it has obtained the user's consent to the storage of or access to information on his or her terminal equipment, after having provided the information requested under i)", additionally clarifying that "i) consent must be obtained before the cookie is placed and/or information stored in the user's terminal equipment is collected, which is usually referred to as prior consent and ii) informed consent can only be obtained if prior information about the sending and purposes of the cookie has been given to the user. In this context, it is important to take into account that for consent to be valid whatever the circumstances in which it is given, it must be freely given, specific and constitute an informed indication of the data subject's wishes. Consent must be obtained before the personal data are collected, as a necessary measure to ensure that data subjects can fully appreciate that they are consenting and what they are consenting to. Furthermore, consent must be revocable."

The Working Party then passed on to indicating how consent could be – legitimately - obtained in an on-line environment and to flagging some criteria to the attention of the advertising and marketing industry. With respect to browser settings is was felt that including the basic uses/purposes of third party cookies in a website's general terms and conditions and/or privacy policy does not meet the requirement of 'informed prior consent'. Neither is 'consent by implication (i. e. by use)' to be deemed as a viable solution. Technical means capable of "bypassing" users' browser settings meant to block cookies are also not acceptable. Finally, browser settings with agreement to receive future cookies in bulk are definitely incompliant.

To the purpose of achieving a valid consent, browser settings must engage data subjects in an "affirmative action" resulting in a clear choice in favor of accepting cookies and must "convey clear, comprehensive and fully visible information" about cookies' uses and purposes.

Therefore, generic warnings about the placement of cookies and their uses and purposes may not be considered as a suitable solution. The same goes for "opt-out" mechanisms and their 'implied choices': in the Working Party's opinion, they are not apt to result in compliance with the consent requirement.

While admitting to be "conscious of the current practical problems related to obtaining consent, particularly if consent is necessary every time a cookie is read for the purposes of delivering targeted advertising" and to be ware about the fact that in the ePrivacy Directive's wording ".. users' acceptance of a cookie could be understood to be valid not only for the sending of the cookie but also for subsequent collection of data arising from such a cookie" (therefore covering also the ".. subsequent 'readings' of the cookie that take place every time the user visits a website partner of the ad network provider which initially placed the cookie"), the Working Party feels that such an interpretation could easily result in a "once-for-ever" acceptance practice, not exactly in line with the Directive's intention. It therefore considers essential implementing safety measures, such as: limiting the scope of consent in time (e. g. no longer than one year, with a limited lifespan of cookies placed) and seeking for a renewal of consent after such period, offering additional information about the fact that consent will imply targeted advertising (with specific indications about the networks performing such practice), alerting periodically that monitoring is in place and providing a user friendly and easy to activate mechanism for revoking consent previously given.

3. In the following year, the Working Party released another extensive document – Opinion no. 15 [WP 187] dated 11 July 2011 – on the topic, meant to clarify the exact meaning of some terms frequently used in EU Privacy Regulations. This opinion intends to meet a specific request for input submitted by the EU Commission in order to achieve a better and common understanding on expression such as "indication", "freely given", "specific", "unambiguous", "explicit", "informed". The Commission's concern originated from the fact that "..in the online environment - given the opacity of privacy policies - it is often more difficult for individuals to be aware of their rights and give informed consent. "

On the premise that in the current EU Privacy Regulations "consent is used ... both as a general" (even though not the exclusive one) "ground for lawfulness .." [of the processing of an individual's personal data] "and as a specific ground in some specific contexts", the Working Party found that "Member States have taken their own approach and, in some cases, this has led to diversity. The concept of consent has not always been transposed word for word at national level."

So, what are we to consider when confronted with the requirement of 'informed, freely given, specific, explicit and unambiguous consent'?

In the conclusions of its Opinion, the Working Party summarizes the essential characteristics of such requirement and explains that "consent":

  • Is one (but not the only one) of the legal grounds for legitimate data processing,
  • When sought, has to comply with the indications set by Directive no. 46 of 1999 (and with some additional aspects established in Directive no. 58 of 2002),
  • When obtained, does not exempt the data controller from all the other compliance obligations set by the Directives (such as the proportionality principle and the adoption of technical measures suitable to grant safe processing),
  • Must be obtained from individuals in their full legal capacity,
  • Is always subject to data subject's right of withdrawal,
  • Must necessarily be achieved before the processing starts, and

then additionally clarifies that consent may be considered as:

  • 'Freely given', only if obtained without any "risk of deception, intimidation or significant negative consequences for the data subject" eventually not agreeing to the processing,
  • 'Specific', when it relates to the exact purposes of the processing as exposed in the in-advance notice provided to data subjects (therefore no 'blanket consent' being allowed),
  • 'Informed', when extensive and adequate information has been provided to data subjects before the start of the processing, being implied that such information has to be offered not in "overly complicated legal or technical jargon", but in in appropriate and easy to understand language as well as directly and in an easily accessible way (therefore 'availability somewhere' not meeting such requirement),
  • 'Explicit', if achieved through an "active response", allowing no doubts about data subject's 'express wish' to have its data processed for a certain – specified – purpose (where pre-ticked consent boxes would not result as a suitable mean),
  • 'Unambiguous', only where there is a mechanism or action in place that show individual's clear agreement to the processing (being obvious that 'consent by implication' is not deemed as acceptable).

In its final remarks the Working Party also stresses that in an on-line environment "explicit consent as a general rule for all types of processing" does not appear to result in an effective and adequate standard. On the contrary, "unambiguous consent" – especially if additionally clarified and defined, in the context of the upcoming revision of the current Privacy regulations - would not only encompass 'explicit consent', but would also offer data controllers broader flexibility in coming up with simple and user friendly technical solutions for collecting and substantiating individuals' consent to the proposed processing.

4. Just one year later the Working Party felt appropriate dealing with some aspects related to the so-called Cookie Directive (i. e. Directive no. 2009/136/EC), amending parts of the ePrivacy Directive (No. 2002/58/EC). With the aim of offering providers guidance on when they may consider themselves as exempt from seeking and obtaining users' consent for placing cookies or similar access mechanism on an individual's terminal device, it issued Opinion no. 4 [WP 194] of June 7th, 2012.

According to the Opinion the following may legitimately claim the benefit of consent exemption as provided by the criteria laid down in Directive no. 2009/136/EC6: "User input cookies" (i. e. first party 'session cookies', expiring at the session's end), "Authentication cookies" (identifying users once they have logged in; but if used for secondary purposes such as behavioral monitoring or advertising, exemption would not apply), "User centric security cookies" (also known as 'flash cookies', used for storing technical data needed to play back video or audio content; but no additional information must be collected), "Load balancing session cookies" (which allow to distribute web server requests over a pool of machines instead of just one), "User interface customization cookies" (simply meant to store a user's preference – e. g. as to language or result display - regarding a service across web pages), "Social plug-in content sharing cookies" (usually allowing social networks users to share contents they like with their 'friends'; but attention has to be paid in order to make sure that the exemption criteria are exactly met).

In the Working Party's view the following instead fall under the user consent requirement: "Social plug-in tracking cookies" (when not strictly necessary and functional, but used for tracking individuals, both members and non-members, with third party cookies for additional purposes such as behavioral advertising, analytics or market research), "Third party cookies" (when 'operationally' used for behavioral advertising purposes), "Cookies used for first party analytics" (i. e. for statistical audience measuring of websites, for detecting the preeminent search engine keywords or for tracking down navigation habits; even though for such systems the WP finds that in most cases "analytics cookies are not likely to create a privacy risk when they are strictly limited to first party aggregated statistical purposes and when they are used by websites that already provide clear information about these cookies in their privacy policy as well as adequate privacy safeguards")

5. Earlier this year the Working Party specifically addressed privacy concerns and issues involved by the simply booming use of apps on smart devices. Opinion no. 2 [WP 202] of 27 February 2013 contains a section dedicated to consent requirements in such particular context.

Considering that "when installing an app, information is placed on an end user's device" and that "many apps also access data stored on the device" (such as: contact details, addresses, images, other personal documents, etc.), it is quite clear that under the ePrivacy Directive such a practice needs to be covered by users' consent. While such requirement may be sufficiently met by downloading and installing an app (after clicking an "install" button) for such initial purpose, collecting information from an end user's device is clearly a different issue and needs the targeted individual's informed, freely provided and unambiguous affirmative choice. Therefore a "Yes I accept option" will not result suitable for meeting specific consent requirements: all purposes and further uses of the collected information will have to made patent and behavioral monitoring and profiling practices will have to be laid open. Different types of data accessed and collected by an app cannot achieve proper consent by simply clicking on an "Install" button, as consent may not result in a general or generic authorization formula, but in some cases may involve "granular acceptance"7. In addition, app developers will be well advised by carefully considering that, even after having achieved users' consent, they have no free license for excessive or disproportionate processing of the data collected through the app. They should also remind that all processing purposes – as explained in the in-advance notice – must be strictly maintained and that any significant changes to their business models will require a new notice and additional consent. Finally, they will have to bear in mind that business partners or third parties, capable of gaining access through data collected via an app, are hold to respect strictly the processing purposes revealed to app users.

6. Recently the Working Party, aware of "a range of practical implementations .... developed by websites in order to obtain consent for the use of cookies or similar tracking technologies", has felt necessary offering further guidance on issues relating to the achievement of proper consent for cookie placement on an end user's device.

It has therefore delivered additional suggestions - in Opinion no. 2 [WP 208] dated 2 October 2013 – to website operators and providers of on-line services making use of cookies for various purposes, such as: enhanced functionalities, analytics, targeted advertising or product optimization. In the Working Party's view, operators are free to use any suitable mean for achieving consent, as long as their practices are apt to inducing targeted individuals to validly agreeing on the processing of their personal information through the use of cookies or of similar technologies.

On such premise, the Working Party starts by individuating the most common means put in place in order to seek for users' consent and finds that operators and providers tend to rely on the following systems:

  • "an immediately visible notice that various types of cookies are being used by the website, providing information in a layered approach, typically providing a link, or series of links, where the user can find out more about types of cookies being used,
  • an immediately visible notice that by using the website, the user agrees to cookies being set by the websites,
  • information as to how the users can signify and later withdraw their wishes regarding cookies including information on the action required to express such a preference,
  • a mechanism by which the user can choose to accept all or some or decline cookies,
  • an option for the user to subsequently change a prior preference regarding cookies."

With respect to such systems, the Working Party feels that, "although it is important to note that whilst each" [practice] "may be a useful component of a consent mechanism, the use of an individual practice in isolation is unlikely to be sufficient to provide valid consent as all elements of valid consent need to be present". It therefore passes on to reminding the main elements of valid consent, consisting in "specific information, prior consent, indication of wishes expressed by user's active behaviour and an ability to choose freely", where:

  • 'Specific information' has to consist in "clear, comprehensive and visible notice on the use of cookies, at the time and place where consent is sought", e. g. the entry page of a webpage where a user's browsing session starts and where "users must be able to access all necessary information about the different types or purposes of cookies being used by the website" or should at least find a link to a location with a detailed description of the cookies in use as well of the cookies' purpose(s); such 'necessary information' would also have to include indications about aspects such as: placement of third party cookies or third party access to data collected via operator's cookies, cookies' expiry date and users' choice on (complete or partial) acceptance or refusal of cookie placement
  • 'A time requirement' must be considered, which involves an obligation of providing a consent system not allowing to set a cookie on a user's device before the latter has made an explicit choice in favor of such placement,
  • 'A clear acceptance' requirement has to result in a mechanism through which an adequately informed user can express – by adopting an active behavior or a positive action – his/her express choice in favor of the placement of cookies and the collection of his/her personal information through them. Such mechanisms may typically ".. include splash screens, banners, modal dialog boxes, browser settings .." and expressing a choice via an 'active behavior or a positive action' may consist in ".. clicking on a link, image or other content on the entry webpage ..", provided the choice is based on clear and comprehensive information about cookies' purposes and is expressed via a system (e. g. an "Accept" button), made available close to the location of such information. User's choice therefore must always result expressed in 'conjunction' with comprehensive purpose information. User's passive attitude and absence of active behavior will never be considered as correct fulfillment of the requirement,
  • 'Freely given consent' means that users must find at their disposal – right on the entry page – a mechanism allowing a real and meaningful choice with respect to cookie use on their terminal devices and offering an option to accept (entirely or partially) or to decline such placement. Browsing a website without receiving cookies (or by receiving just some of them) should be a standard situation for users and 'general access' to a site should not result conditional on consent to cookie use; such condition may cover and limit only access to certain, specific content.

Finally, the Working Party reminds operators and providers that cookies not functional and necessary to delivering a certain service, but intended to offer additional benefits must always provide for a real acceptance choice. An identical obligation has to be fulfilled with respect to cookies primarily set for tracking purposes.

7. To conclude, website operators and providers of services of the Internet society will have to accept the fact that under EU privacy regulations consent by implication mechanisms (such as: "By entering, using, registering, browsing, ... you accept") will be deemed as suitable for achieving valid consent only in very few cases, i. e. when accompanied by – detailed, clear and easily accessible - purpose information and by additional systems allowing to show user's conscious, meaningful and positive choice in favor of a certain data or cookie use and purpose. Here lies the technical challenge to the industry and its capacity of developing consent achievement mechanisms viable in the day-by-day reality of an on-line environment.

Footnotes

Felix Hofer is a named and founding partner of the Italian law firm Studio Legale Hofer Lösch Torricelli, in Firenze (50132), via Giambologna 2/rosso; he may be reached through the following contact details: Phone +39.055.5535166 , Fax +39.055.578230 – e-mail: fhofer@hltlaw.it (personal) or info@hltlaw.it (firm e-mail).

2 Directive no. 95/46/EC of 24 October 1995 may be found at:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:1995:281:0031:0050:EN:PDF

3 Directive no. 2002/58/EC of 12 July 2002 may be found at:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2002:201:0037:0047:EN:PD

4 Directive no. 2009/136/EC of 25 November 2009 may be found at:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:337:0011:0036:EN:PDF

5 The Working Party was set up under Article 29 of Directive 95/46/EC. It acts as an advisory body to the EU Commission and has the specific task of: (a) offering expert opinion from member state level on questions of data protection, (b) promoting harmonized application of the general principles of the Directives in all Member States through co-operation between data protection supervisory authorities, (c) advising on any Community measures affecting the rights and freedoms of natural persons with regard to the processing of personal data and privacy. Its tasks are detailed in Article 30 of Directive 95/46/EC. All EU Member States have a representative is this body and the national DPAs will always conform their activities to the indications issued by this Advisory Board.

6 According to the Directive cookie placement goes exempt from the requirement of informed consent only if the cookie: (a) is used for "the sole purpose of carrying out the transmission of a communication over an electronic communications network", (b) "is strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide the service".

7 According to the Working Party "granular consent means that individuals can finely (specifically) control which personal data processing functions offered by the app they want to activate", so Opinion no. 2/2013, page 15.

(Reference date of this paper: November 2013)

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
Felix Hofer
Similar Articles
Relevancy Powered by MondaqAI
Studio Legale Hofer Lösch Torricelli
 
Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Related Topics
 
Similar Articles
Relevancy Powered by MondaqAI
Studio Legale Hofer Lösch Torricelli
Related Articles
 
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions