Cookie rules are defined in the e-Privacy Directive 2002/58/EC, as
amended by the 2009 Citizens’ Rights Directive, in Article 5 that
regulates confidentiality of communications. Electronic communication
service providers should not listen, tap, store or carry out any other
form of surveillance without obtaining users’ prior informed consent.