Confusing and bad news for website owners – EU Data Supervisor says that industry guidelines for cookie use are not sufficient and that consent for cookie use must be actively obtained – criticizing the softer stance of EU Commissioner.
Rather than have the usual picture of biscuits, jars or muppets to go with this cookie post I thought I'd channel some Johnny Cash instead. Image: Flickr - Diogo A Figueira.
This is another of my posts about the EU directive which threatens life as we know it. This is an amendment to the EU’s Privacy and Electronic Communications Directive which forces website owners to obtain consent from a website visitor before cookies can be left on their computer. The upshot of this would be a sudden, and profound, hole in the data we collect on customer behavior on our websites.
No one really knows what the hell to do – since the Directive’s amendment, confusion has reigned supreme with some EU countries not getting round to implementing it while others, like the UK, bashing out a rapid response – and then giving organisations a year to respond to it.
Websites which have attempted to get visitor consent have screwed their site, and their data collection, with unwieldy solutions – the UK Information Commission’s Office, I’m looking at you.
Right now, there has not been any major indications that cookie use is being reduced.
EU Data Protection Supervisor criticizes EU Commissioner – Advertising Association guidelines unworkable?
Neelie Kroes, the EU Commissioner behind this directive, had previously said that European companies have a year to comply with the directive and that she supported efforts by advertising associations (such as the IAB) to create some kind of standardized opt-in.
Not good enough, responded Peter Hustinex the European Data Protection Supervisor. In a recent speech he specifically said that the guidelines suggested by the IAB fell short of the requirements of the directive, despite them being welcomed by Kroes, the EU Commissioner. He went on to say that Kroes’ support for a US ‘do not track initiative’ also fell short of the Directive’s requirements. One measure he suggested was a default browser setting of non-acceptance for cookies.
Read his whole speech here.
What Happens Now?
More confusion – even the EU can’t seem to agree on what this directive means. Germany and Denmark have aready got a ban on using Google Analytics (from earlier concerns about IP addresses), but many companies in those countries continue to use it, knowing that the risk of being penalized is relatively low. However, for those of us operating in the public sector there’s a risk that we could get some form of all-encompassing edict of ‘no cookie use without consent’ and boom, there goes our main method for collecting data for improving our websites. Sigh. Where do we go from here? I really don’t want to be saying ‘I told you so’ in a few years time.