If the regulations get past a second reading of the European Parliament early next year, this will become law (although it may take some time for the regulations to become law in member states).
The burning question is how on earth do the Eurocrats expect businesses to obtain prior consent? The trouble is that under EU data protection laws, silence of a Web site user no matter how well informed they may be, is not enough to qualify as consent. Businesses will need to have some positive indication from users that they are willing to have their site use tracked by cookies before the cookie is sent to their PC.
How can that work? Cookies are part and parcel of the HTML that flows from the Web server to the user's PC in most commercial sites. Are the Eurocrats saying that cookies will need to be stripped out from the HTML until the user has ticked a box or sent an e-mail saying that they are happy
A cumbersome process
Will this mean that businesses will stop using cookies rather than face having to embark on such a cumbersome process? Important questions that apparently they have not thought through.
The Eurocrats have completely overlooked the importance of cookies in the way the Web works. My wife buys our groceries from SimplyOrganic.net. Our favourite organic chocolate biscuits, wholemeal bread and so on are on our shopping list which is
This is just one way in which cookies enhance the user experience. There are many others. What would it mean for Amazon, Tesco and all those other sites if cookies are removed? Millions in lost revenues possibly.
Overdoing the privacy risk
Brussels also seems to have blown completely out of proportion the privacy risks presented by cookies. Yes, you can build a profile about someone by their Web use but most of the time that will be pretty innocuous stuff. Having said that there are legitimate concerns that some online advertising businesses are pushing the boundaries of acceptability. Don't you get annoyed when those double-click frames keep popping up?
The silly thing about this is that there is a far more practical way of dealing with the privacy issues raised by cookies. The solution is to raise user awareness. I would say that the line on legitimacy is crossed when cookies are used in a covert way to collect information. Why not just require cookie users to tell people what they need to know and tell them how to disable the blighters? This is possible with most browsers after all (see cookiecentral.com for tips).
This is the line taken by Elizabeth France, the UK Information Commissioner, who is not exactly a soft touch on privacy. Why can't Brussels take a leaf out of her book on this one?
Because this regulation only saw the light of day on 24 October, there has been little time for Internet businesses to react and muster their lobbying forces. If I were an owner or operator of a Web site using cookies I would be lobbying hard now to make sure that this misconceived regulation never becomes law.
It is worth noting that the Interactive Advertising Bureau UK is coordinating efforts in the UK to do just that - why not drop them a line?
A cookie too far?
Is the EU move part of the championship of individual rights or a piece of meddlesome bungling?> >Let us know with an e-mail.
Peter Hall is TMT at law firm Wragge & Co - www.wragge.com