Web Design Industry Blog

Blog Rss Feed

Internet Cookies and the EU Privacy and Communications Directive

Published on August 12, 2011
Tags: Web Site Law, Internet Security, Internet Communication

There has long been tension between the need to protect consumers’ privacy on the web and businesses’ desire to grow their online operations in any way they can. One of the things that have led to some of the most heated debates is internet cookies. There has been growing concern among some consumers, for instance, that they are effectively being stalked on the internet. This can be seen in the way a product you might have looked at on one website suddenly appears in adverts on subsequent websites that you visit.

This is the result of internet cookies and, while some cookies are relatively harmless and can in fact be useful (such as by remembering your preferences and log in details), some are not so welcome. As a result, the European Union introduced a new regulation called the Privacy and Communications Directive. The aim of the Directive was to put more guidance in place so that websites know how much information they can collect on their visitors without having to ask their permission.

The Directive is also sometimes known as the ‘cookie law’ and it was due to be implemented by governments by May 2011. At the time of writing, hardly any of them had done so. Only the governments of the UK, Denmark and Estonia had taken any steps to bring the Privacy and Communications Directive into law, and Denmark has since put its draft laws on the back burner.

In the UK, things are quite a bit better, with fairly comprehensive guidelines being given out – but firms still have a year to comply with the new ruling. This means that the ‘third party cookies’, which are thought to be causing a lot of the problems faced by consumers, can still often be found and tailored advertising online still abounds.

Here’s how it works. Say, for instance, that you look on a website for a new power tool. You don’t buy it, but the internet cookies register that you have looked at the product and were interested in it. You leave the website and spend some more time browsing, when you suddenly notice that something keeps happening: adverts for the power tool you were looking at earlier – and perhaps similar products - keep popping up on websites. The aim of businesses, of course, is to try and persuade you to click on one of those adverts and then make a purchase. The concern for web users, naturally, is the extent of the information companies are apparently able to collect on them.

This is what the EU Directive is supposed to help solve, by dividing internet cookies into two groups: those cookies that are ‘strictly necessary’ for services to operate and those that aren’t, which would require users to give their consent before they could be used. As you might expect, many people working in the European marketing industry do not like the Directive as it confuses what they are and aren’t allowed to do.

One thing that has caused confusion is over what the Directive actually requires websites and businesses to do: are they supposed to actively alert users whenever a cookie is placed on their machine, or is it enough to simply make them aware of their security options within their browser, thus leaving it up to the user to alter their security settings if they so wish? Part of this issue arises because the EU’s definition of ‘strictly necessary’ is very narrow, to the point where a cookie that remembers what language you typically view websites in would be likely to fall outside the ‘strictly necessary’ category.

This makes it harder to comply with the law. If you were to assume that the requirement of the directive was that notification had to be given of all cookies outside the ‘strictly necessary’ group, this could potentially lead to a high volume of pop up alerts asking for users to give their permission to continue. This leads to another problem: a lot of browsers block pop ups as a matter of course, and even if they don’t, the vast majority of web users loath them.

However, there is still the problem of users being concerned about their online privacy. There’s also the issue of how the Directive, if fully implemented, would affect businesses: many rely on cookies to work out the extent of their return on investments and believe that tailored advertising actually enhances the user experience. All of this means that companies are now faced with trying to explain to customers the value of using third party cookies.

Even more confusing is the fact that different EU governments are determining the Directive in different ways, so while some countries propose that web users should actively give their consent to individual cookies, others are much more general. Perhaps then, once thing is clear: while a stab at a coordinated effort has been made in order to reassure web users that their privacy is protected, more action and more coordination is still needed to make sure there is a workable policy and that it won’t harm ecommerce in the process. With 27 countries in the EU that all need to be working together, it seems as this could be one that’s set to continue for a good while yet.

By Chelsey Evans

Submit Blog & RSS Feeds 
 

Comments

No comments received yet. Be the first by completing the form below!

Leave a comment

 

Name *:

Email Address*:

Comment *:



Security Code:*
Reset Security Code