Ban on "cookies" could hit UK business

UK businesses could lose as much as £187m if the European Parliament bans cookies - the small files used as a bookmark by...

UK businesses could lose as much as £187m if the European Parliament bans cookies - the small files used as a bookmark by Internet browsers to store information about users and their browsing patterns - according to a survey by the Interactive Advertising Bureau UK (IAB).

The European Parliament will vote next week on whether to make cookies illegal.

The proposed ban is part of wider legislation based on a report on data protection drafted by Italian MEP Marco Cappato. The legislation also aims to deal with unsolicited commercial e-mail, commonly known as spam.

According to the report - the second version of which was approved by the influential EU Citizens' Freedoms and Rights, Justice and Home Affairs Committee on 22 October - the use of cookies by companies is an infringement on personal privacy, and therefore a human rights violation under the European Convention for the Protection of Human Rights and Fundamental Freedoms.

"So-called cookies, spyware, Web bugs, hidden identifiers and other similar devices that enter the users' terminal equipment without their explicit knowledge or explicit consent in order to gain access to information, to store hidden information or to trace the activities of the user, may seriously intrude on the privacy of these users," the draft legislation reads.

"The use of such devices should therefore be prohibited unless the explicit, well informed and freely given consent of the user concerned has been obtained," the legislation adds.

Thousands of e-commerce sites use cookies to authenticate users or store private information, and the IAB argues that such a move will keep users from engaging in e-commerce.

Users will become so frustrated at having to re-register or re-enter preferences every time they re-visit a Web site, they will lose interest in e-commerce altogether, the organisation said in a statement.

Cookies, far from being a violation of privacy, actually protect users by ensuring that they are genuine visitors to a site, as opposed to someone with a stolen password, the IAB said. They are used to legitimately authenticate and speed up a user's identification and e-commerce transactions, the group added.

The European Parliament said that because cookies can be used to build consumer profiles on users by tracking a user's surfing history, a company should have prior permission from that user before enabling cookies in an Internet browser.

In May, US-based privacy organisation urged users of Microsoft's Internet Explorer browsers to turn off JavaScript, claiming that it could expose their cookie files and allow them to be intercepted and read by a potentially hostile third-party Web site.

Microsoft also uses cookies in its Passport e-commerce system, but argues that they are encrypted and then deleted when users sign out of a Passport session.

The company said it observed all regulations and that it had signed the European Union-US Safe Harbour agreement, which allows companies to export personal data about their customers from Europe to the US. The agreement works under the European Union data protection directive, which outlaws the transfer of personal data to countries.

Read more on IT legislation and regulation