An article in the Wall Street Journal today discusses the ongoing issue and debate around regulating online web cookies in the European Union. Lawmakers and regulators in the EU are finding it difficult to reach a common ground with the new legislation.
Last year, the EU passed a law which requires company who use cookies to seek consent of the user before using them. The problem is that all of the stakeholders – Internet companies, advertisers, privacy advocates, and member states – can’t agree on exactly what the law means or how it should be implemented.
Several years ago, EU lawmakers started revising the telecoms law that covers cookies. Cookies are tracking files that may hold user preferences or log in details, among other data that tells the story of the user in a particular browser on a particular computer. The problem is what they had to work with and what they decided up were both equally as confusing. Here is the progress of the law:
• Old Law - 'is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information…about the purposes of the processing, and is offered the right to refuse such processing'
• Draft New Law - 'is prohibited unless the subscriber or user concerned has given his/her prior consent, taking into account that browser settings constitute prior consent, and is provided with clear and comprehensive information'
• New Law as Passed - 'is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information'
The confusion arises around what is defined as ‘giving consent’. Is reading the terms of conditions enough? Or should there be an ‘opt in’ or ‘opt out’ button? No one quite knows for sure what this means, but guidance from EU Commissioner Neelie Kroes is due out next year.
23/11/2010
Cookie confusion for the EU
PREVIOUS POST
"I've got nothing to hide!" 
It is not sufficient to bury the consent information in a lengthy terms and conditions document and assume that people have read them. An opt in or out button seems a reasonable way to go if this assists informed decision making. Consent should not be assumed when it comes to security issues. Nor should consent be presumed simply on the basis that previously a decision was made to opt in - we do not necessarily always make the same choices. Consent matters should be much more high profile to raise awareness of them and to ensure that consent and the principle of giving consent is respected.
Posted by: consentmatters | 23/11/2010 at 02:45 PM
That's a ludicrous law; most websites won't work very well at all without cookies, as there's simply no way to maintain a session without them. Sure, you can use a session ID in the URL, but that has tonnes of other problems (including making it easier to hijack someone else's session), all of which are worse than the solution of using cookies.
The trouble with this kind of thing is that the people making the laws don't have a damned clue what they're legislating about.
Posted by: alastair | 23/11/2010 at 04:17 PM
Every year when we get close to Christmas I say the same exact thing. “This is the year the kids will really start to get it and it will be SO FUN!” And every year I get a little bit more right, but it turns out I am still, generally, WRONG.
Posted by: swtor credits | 24/11/2010 at 08:22 AM
“What is the shortest amount of time you recommend hormones,” I asked my doctor. “Four years,” she replied. “And what about the increased risk of breast cancer?” More questions. “If you get breast cancer in a year, the hormones didn’t cause it. Something else did,” she told me. “You go into this with eyes wide open. You make the best decision with the information that is available now,”
Posted by: gw2 gold | 29/11/2010 at 12:56 AM
I dream about you and imagine how great it would be if you were here with me.
Posted by: cheap jordans | 04/03/2011 at 06:05 AM