4 Comments

Summary:

UK web publishers and marketers may be grumbling about the E-Privacy Directive coming into force, but they can count themselves lucky that they’re not dealing with stricter interpretations of the law that are happening elsewhere across Europe.

Neelie Kroes

The end of the world is nigh, if you believe some of the doomy predictions around the ‘EU cookie law’.

Coming into force in the UK on Saturday, Article 5(3) of the E-Privacy Directive (happy reading) says EU countries have to make sure consumers are “offered the right to refuse” cookies being downloaded onto their computers by web services, in all but essential cases. They also have to give “clear and comprehensive information” about what the cookies are for.

The deadline for all this was late May 2011. A year on, eight member states – Belgium, Cyprus, Germany, Italy, Malta, Poland, Romania and Slovenia – have yet to even transpose the directive into their national laws, let alone start enforcing it.

And in the other 19 countries, there’s a pretty big variation in how national laws interpret the directive. It should also be pointed out that the UK is something of a special case here, in that its data protection authority gave businesses an extra 12 months to comply (ending on Saturday). The rest are already enforcing their updated laws.

But before looking at what they’re enforcing, let’s go back to the rationale behind all this, from the perspective of digital agenda commissioner Neelie Kroes:

If you log in to a web service, the cookie that remembers that you are logged in is fine – and indeed this makes our lives a whole lot easier online. But a cookie that is used to build a profile of what you are doing online is less OK: it might mean that your web surfing over time (searches, web pages visited, the content viewed, etc.) is tracked, for example in order to match ads against your interests as determined from the profile. The use of such cookies requires your consent,” Kroes blogged earlier this year.

“Consent” is the key word here, and it can be interpreted in several ways.

In countries such as Latvia, a strict opt-in principle is in play. That means the user has to agree to almost every cookie being installed on their machines, and browser settings that give the all-clear to cookies are not enough to imply informed consent.

If you’re operating in Spain or Luxembourg, the law demands that users opt into cookies, but accepts that browser settings are satisfactory. In Finland or Bulgaria, the users don’t even have to opt in – they just have to be given an opportunity to opt out – and browser settings are again an accepted way of communicating cookie preferences.

Austria demands opt-in, but browser settings may be OK (the law is open to interpretation). France is fine with opt-out and also with browser settings, as long they’re not over-general. The UK doesn’t demand strict opt-in but it also doesn’t see browser settings as a satisfactory solution.

Portugal’s implementation doesn’t even mention cookies, so it’s hard to say what the rules are there.

Confused yet? You’re not the only one, and Kroes knows it. She’s a savvy operator and she’s also not the one who came up with the E-Privacy Directive – that was her predecessor Viviane Reding, now the justice commissioner.

Which is probably why Kroes has been pushing like mad to get a consistent solution implemented within the technology itself. That would be the ‘Do Not Track’ (DNT) browser feature, which, as the name suggests, gives users a way to set their cookie preferences within the browser rather than for every specific site – preferences that website providers are supposed to respect.

Google, Yahoo, AOL, Mozilla, Microsoft, Apple and Twitter have all signed up to implement and/or respect DNT preferences. Facebook, you will be astonished to hear, has not.

As explained above, DNT will not in itself be an answer to the cookie problem in some countries. However, there are countries such as the Netherlands and Lithuania where legislators have decided that it’s only current browsers that don’t offer satisfactory cookie settings. In those cases, a proper implementation of DNT may pass muster, bringing those countries in line with the relaxed majority.

So for all those online publishers and marketers grousing about the UK’s implementation of the cookie law, consider these points:

• Some other EU countries have stricter rules.
• Sooner or later, you’re going to come up against the consent issue from a technical as well as legislative standpoint anyway.
• The UK Information Commissioner’s Office seems keen to play fair, hence the 12-month extension. But consider this quote: “We will allow for a greater focus on wilful non-compliance by letting those who are making genuine attempts to comply get on with the job without unnecessary interference from the regulator.” In other words, do make some attempt to play along.

  1. Peter Cranstone Friday, May 25, 2012

    Did you know that the proposed DNT standard infringes US Pat: 8,156,206?

    Share
  2. Antivirus Sorted Friday, May 25, 2012

    I’ve been struggling like mad to make my sites compliant. When your website design knowledge is extremely limited (I’m using “out the box” WordPress), learning how to block cookies on your site that you have no control of is virtually impossible. I’ve even had the owner of site which promises to block cookies with their widget (For free apparently until you try use their widget) trying to extort me for money. This EU directive is absolutely mad and impossible in enforce across the board because the structure of the Internet does not allow it. My sites are now compliant thanks to a very useful WordPress plug-in however the user experience is now horribly messed up because of it. The EU’s financial status is already in tethers – Now making EU based websites less user friendly will be another kick in the teeth of the Euro.

    Share
  3. Aaron Weissman Friday, May 25, 2012

    We’ve laid out clear guidelines on how you can be compliant with the EU privacy directive on the Skimlinks blog.

    Don’t panic, check out our advice and simply be upfront with your users about how you track: http://blog.skimlinks.com/2012/05/03/its-all-about-the-cookies-an-important-update-from-skimlinks/

    Don’t hesitate to reach out to any of the experts on our team for guidance. We are happy to help!
    -Aaron, Marketing Director @Skimlinks

    Share
  4. Wolf Software Friday, May 25, 2012

    We have created a suite of solutions both free and commercial to allow website owners to gain consent from their users.

    http://demos.dev.wolf-software.com

    Share

Comments have been disabled for this post