Thursday, 10 March 2011
Cookie Trouble

I read the following news article with interest about the European Union's new laws that basically state you have to ask for the user's consent to place a cookie on their machine. Reading through the new legislation I found the paragraph below, which appears to be the only paragraph that refers to cookies.

"Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user's consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities."

If you look at the second section of highlighted text, it appears an exception to this rule is when placing a cookie onto the user's machine is to do with the explicit working of the service the user was expecting. So, for example, if you log into your bank's website with a username and password, the placing of a cookie onto the user's machine without their consent is legitimate, as the service would not work as the user expected without it. This is basically how I understood this paragraph.

What I do think will be an issue are people that use analytics packages on their websites (it is unclear if this is covered), paid-for advertising and affiliate tracking programs. I can already think of several organisations such as Google, Yahoo and even MSN/Bing that may be affected by this. I don't feel much thought has gone into this legislation and I am not too sure how this legislation will be enforced. It will not stop affiliate or tracking sites that are not hosted in the EU. It could end up with companies hosting these services or making use of services from countries outside of the EU zone to get around this issue.

One thing that is incredibly difficult to do is to govern how sites work on the Internet. It is not the job of governments but of international bodies to decide how this should work. What the legislation cannot protect against are spyware and illegal sites making use of this information or tracking users in this way. I also feel that not much thought has gone into how this legislation would be interpreted or if it could possibly destroy how some businesses work.

A rather funny take on this new legislation can be found here

posted on Thursday, 10 March 2011 00:25:18 (GMT Standard Time, UTC+00:00)