The story is getting a lot of press and attention right now — most of it very negative indeed. The BBC says the rules are “set to make cookies crumble”, while TechCrunch Europe says it will “kill our startups stone dead”.
So what are they so worried about? Let’s walk through the issues.
The new directive (an amendment to a similar, earlier one) is, essentially, an attempt to make users aware of the personal data that they hand over to web-based businesses. It’s asking anyone who collects significant private data to tell users and give them the ability to opt out. As the the document itself states, it is of “paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible.”
It’s probably also worth pointing out what the amendment isn’t:
It’s not a law. The EU is saying member states should enact their own legislation in this area to harmonize with each other, but each country gets to apply it in its own way. Britain’s government will have no impact on the French; the Spanish solution may be very different from the Italian, and so forth.
It doesn’t make opt-in compulsory yet. Because of the system, directives take a long time to become enforceable laws. So while the directive might come into force on May 25, it’s not going to be resulting in court cases for years.
It’s not aimed at making businesses less competitive. It’s aimed at making them more transparent.
On the surface, perhaps there’s nothing to complain about. After all, most reputable companies already do this as a matter of course, and let’s not forget any foreign company that wants to operate in Europe — Google, Facebook, eBay and others — will also have to abide by these rules.
There are, however, plenty of good reasons for European entrepreneurs to be skeptical about where all this may be headed. Attitudes toward most things, including privacy, vary wildly from one side of Europe to the other and the big fear is that the whole of the EU could end up being forced to adopt the strongest laws by proxy. That would probably mean German laws, which are fiercely protective — to the point that some lawyers there suggest Google Analytics could be considered illegal.
It may simply be a coincidence that the German Internet industry is underwhelming for a country of its size, but it’s enough to strike fear into the hearts of entrepreneurs in Sweden or Estonia or the U.K. Do they all want to be forced to adopt rules that would damage their own vibrant startup economies?
That’s the real reason we’re hearing this noise: it’s an attempt to pressure national governments to adopt the directive in a way which doesn’t go down the German path. Yet in most cases, those lobbying against it are already pushing against an open door. For example, Britain’s privacy watchdog — which is helping draft the U.K. version of the law — says “we are clear that these changes must not have a detrimental impact on consumers nor cause an unnecessary burden on U.K. businesses.” What clearer signal can you get?
I suspect that, once the fuss has died down, this story will actually be more illuminating as a parable about the attitude of many European entrepreneurs towards their governments. On one hand, they are happy to take handouts and benefit from political support, while on the other, they start throwing a tantrum whenever legislation doesn’t bend to their demands.
The EU directive isn’t a perfectly-formulated piece of work by any stretch of the imagination, but if the continent’s entrepreneurs really want to be competitive with the rest of the world they’ll have to pick their battles carefully and avoid being overwhelmed by hysteria.
Related content from GigaOM Pro (subscription req’d):