Confusing and bad news for website owners – the EU Data Protection Supervisor says that industry guidelines for cookie use are not sufficient and that consent for cookie use must be actively obtained – criticizing the softer stance of the EU Commissioner.

Rather than have the usual picture of biscuits, jars or muppets to go with this cookie post I thought I'd channel some Johnny Cash instead. Image: Flickr - Diogo A Figueira.
This is another of my posts about the EU directive which threatens life as we know it. This is an amendment to the EU’s Privacy and Electronic Communications Directive which forces website owners to obtain consent from a website visitor before cookies can be left on their computer. The upshot of this would be a sudden, and profound, hole in the data we collect on customer behavior on our websites.
No one really knows what the hell to do – since the Directive’s amendment, confusion has reigned supreme, with some EU countries not getting round to implementing it while others, like the UK, bashed out a rapid response – and then gave organisations a year to respond to it.
Websites which have attempted to get visitor consent have screwed their site, and their data collection, with unwieldy solutions – the UK Information Commissioner’s Office, I’m looking at you.
Right now, there have not been any major indications that cookie use is being reduced.
In the background, marketing and advertising associations have been putting together guidelines for how cookie users can respond to this – use cookies, and yet still remain within the law. Check out the guidelines from the Swedish branch of the IAB here.
EU Data Protection Supervisor criticizes EU Commissioner – Advertising Association guidelines unworkable?
Neelie Kroes, the EU Commissioner behind this directive, had previously said that European companies have a year to comply with the directive and that she supported efforts by advertising associations (such as the IAB) to create some kind of standardized opt-in.
Not good enough, responded Peter Hustinx, the European Data Protection Supervisor. In a recent speech he specifically said that the guidelines suggested by the IAB fell short of the requirements of the directive, despite them being welcomed by Kroes, the EU Commissioner. He went on to say that Kroes’ support for a US ‘do not track’ initiative also fell short of the Directive’s requirements. One measure he suggested was a default browser setting of non-acceptance for cookies.
Read his whole speech here.
What Happens Now?
More confusion – even the EU can’t seem to agree on what this directive means. Germany and Denmark have already got a ban on using Google Analytics (from earlier concerns about IP addresses), but many companies in those countries continue to use it, knowing that the risk of being penalized is relatively low. However, for those of us operating in the public sector there’s a risk that we could get some form of all-encompassing edict of ‘no cookie use without consent’ and boom, there goes our main method for collecting data for improving our websites. Sigh. Where do we go from here? I really don’t want to be saying ‘I told you so’ in a few years’ time.
August 19, 2011 at 10:21 am
The recent opinion 15/2011 on the definition of consent from the EU “Article 29 Data Protection Working Party” http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp187_en.pdf isn’t helpful either; see the comments on the ePrivacy amendments pages 30-31.
August 19, 2011 at 12:17 pm
Thanks Henrik, I’ll check that out…
November 29, 2011 at 12:46 pm
[...] I need cookies to do my job – that is, to make the user experience better; these recommendations seem like a sensible solution for everyone. Unfortunately, I doubt that the EU will entirely agree – particularly given the apparent disagreement between EU ministers on how this directive should be enforced. [...]