Cookie Killer – New EU Directive on Cookies and Privacy – New Swedish Law


New privacy laws could impact on our ability to gather user data, potentially restricting the use of tools like Google Analytics.

The New EU Law

The EU will soon be enforcing a new directive which directly addresses the way cookies can be used – it’s a development of the EU’s ePrivacy directive. How will it affect your website? Well, no one seems to be totally clear, but there’s certainly a ton of what seems to be well-founded gloom.
Essentially, the law requires website owners to get consent from website visitors to record and store information about them:

“site owners need to get an explicit opt-in in order to deploy practically any cookie” – Wired

Photo from Jim Linwood - Creative Commons Licence - http://bit.ly/j7haTF

Sweden’s New Law ‘Bättre Regler för Elektroniska Kommunikationer’ – A response to the EU law

In a few days’ time the Swedish Government will be voting on a new law, ‘Bättre regler för elektroniska kommunikationer’, which will enforce the EU law.

Using my second language with a legal document is not a happy combination, but cookies are under the spotlight in this new law. For example, page 317 of the law says:

“The subscriber or user shall no longer merely be given the opportunity to prevent storage or access, but must give their consent to the measure”

This sounds like the opt-in which the Wired article and several other commentators have described (TechCrunch have come out of the corner fighting on this one: ‘Stupid EU Law’). However, the Swedish law just does not seem clear enough.

“Some argue that consent must be obtained before one visits the website itself; that is, in practice one arrives at a ‘pre-page’ where the information about cookies is given to the individual user, who gets to approve them and is then linked onward to the website itself.”: Ny lag för Cookies – Mathias Berggren

The EU law states that cookie use is acceptable where it is absolutely mission critical, but opinions will no doubt vary on what is critical.

Google Analytics – Can we still use it?

My sector, and many others, rely on using first-party cookies to gather data on what our visitors do on our websites. This enables us to optimize the user experience – for a content-rich website, like a university website, it’s a vital tool. This new law could very well prevent the use of Google Analytics, and thus leave a potential gap in our ability to understand how people use our websites.

There’s discussion about this on the Google Analytics forum.

Our search optimization efforts, measurement of YouTube success and use of AdWords would, presumably, also be impacted. So, can we still use Google Analytics? It would be nice to get some kind of measured response from E-delegationen or Datainspektionen (who have previously commented on the use of Google Analytics).

In the UK, the Information Commissioner’s Office’s guidelines do not include the use of cookies to gather statistical data as sufficiently mission critical to allow their use without first getting consent.

A Final Word

Several commentators consider this law simply unworkable, as policing it would be extremely difficult. Germany has banned Google Analytics, but do German sites continue to use it? It would be interesting to find out how such a ban actually works in practice. This law could be a massive blow to our ability to manage websites: a blanket enforcement of ‘do not track’ (or ‘do not track without consent’) could result in some bizarre user experiences, with opt-in messages plastering websites. Alternatives do exist when it comes to data collection, it’s true, and making sure we only collect aggregate data could defuse privacy issues at a stroke.

Let’s see where this lands – Don’t Panic.

I’ll be at the Google Analytics conference in Stockholm tomorrow; no doubt more light will be shed on this subject there.

Please feel free to leave comments on the new law, and particularly the Swedish law – it would be nice to get a lawyer’s input on this.

18 thoughts on “Cookie Killer – New EU Directive on Cookies and Privacy – New Swedish Law”

  1. Some German sites do continue to use it (not mine, though!) and in some states the data protection authorities have sent out letters to website owners to say that they are aware of their sites, but are holding back on action for the time being.

    Once a court somewhere in Germany takes a binding decision on the use of Analytics, they will probably fine them if they don’t remove it.

    • Thanks for that input Graham – I can imagine this will be a nightmare to police. The Wired Article I link to above said this “One saving grace is that directives of this kind invariably require a high-profile test case, usually involving a large company, to determine precedent for any realistic judicial interpretation or legal action. That won’t happen in a hurry, which means there’s time, if the industry moves quickly, to have this ludicrous decision rescinded.” Time will tell – I’ve got no idea what an industry solution would be, but maybe some kind of standards regarding use of cookies would be nice.

  2. Thanks for the summary John. We, like you, use Google Analytics, which is an important tool – not least in regard to the management of web content. I look forward to hearing more after the conference. I won’t be there, but at least one colleague will be.

  3. John, Thanks for the post. But I’m even more impressed that you made it to page 317 of a legal text in your second language. Look forward to hearing what develops at the conference in Stockholm.

    • Hi Sean, thanks – I’ll be posting about the conference in Stockholm. Definitely need to get some expert legal input on the Swedish law! There’s been a lot of discussion about this EU Directive in the UK, not so much in Sweden – as far as I can see. It’s going to be ‘interesting’, to say the least, to see how this pans out.

  4. If we end up with a worst-case scenario – where the law in effect (either directly, or indirectly due to the impracticality of the required technical solution) means we can’t use cookies for the gathering of visitor data – will sites move to hosting outside of the EU?

    • Hi James – thanks for your comment; who knows what will happen. At the Google Analytics conference yesterday Google said they were keeping a very close eye on this, with a group set up to work with it – but more to understand it, there was no talk of any solutions or workarounds. Several other experts I talked to felt that this is an unworkable law and simply impossible to police. Must admit though, seemed to be a level of ignorance about the new law as well, which surprised me – much more discussion about this in the UK, for example (though the ICO there has already published guidelines).

    • Hi Gilbert – great stuff; it’s high time we came up with some kind of standards, had we had them earlier then maybe this law would not have been so draconian in the first place. I’d be interested to know what you would like to see happen in the future?

  5. Hi John – apologies for the delayed reply but it’s been pretty hectic here with various announcements made from different government bodies, most notably that UK sites have 1 year to ‘get their house in order’:

    http://www.cookiecrunch.co.uk/cookie-news/2011/5/26/uk-enforcement-delayed-for-a-year.aspx

    Good news is that the ICO in particular seems keen to establish a consensus, so we’re giving some thought on how we can agree a set of ‘statutes’ for best practice which we can share with the digital community and get peer input.

    Watch this space!

  6. Pingback: Cookie Law Comes Into Effect In Sweden – PTS are reponsible and no detail available yet. « University Usability

  7. Pingback: Aggregaat
