A comment on "Online privacy and the ePrivacy directive"

Online privacy and the ePrivacy directive

Website publishers should not be told to “go ahead” if they want to use cookies. The law in most European jurisdictions require that consent is obtained prior to cookie placement, and regulators across Europe are capable of enforcing it. In addition telling them that they will be able to rely on future “Browser Settings” will just lead to confusion and disrespect for the law.

Consent cannot be assumed from default “Browser settings” or the absence of “Do-Not-Track” indications because most citizens do not have the technical knowledge needed to understand them. This was recognised by the data protection regulators and drafters of the law, which has been debated and accepted by the UK parliament and those across Europe.

It is possible that browser manufacturers could introduce features in the future that would give visitors the fine-grained ability to register agreement to cookies, but web site publishers would still not be able to rely on that because they may not be able to detect whether a particular visitor was using a new browser and had been given the information required to give their consent. Legal responsibilities rests with the web publishers alone.In any case most of the browser manufacturers get significant income from data aggegation and behavioural tracking and may not be motivated to design features that they think would reduce that.

Guidance issued by various data protection regulators and the Article 29 working group has indicated that consent to cookies does not have to be obtained at every visit. It is perfectly acceptable to get agreement once and place cookies without asking on subsequent visits, although it is recommended that the consent should “expire” after a reasonable period. Solutions to the cookie consent issue that allow website publishers to comply with law simply and cheaply are already available. There is no need to rely on, or wait in vain for, mythical “browser settings”.

The commercial interests behind advertising and data aggregating are short sighted to try and obfuscate this issue because they are pitting themselves against the populace. Very many citizens feel there is a lack of respect about how their personal information is acquired and used on the web, and this is leading to lack of trust that could in fact inhibit the acceptance of online commerce. It is also wrong for politicians to take sides with the aggregators for the sake of protecting economic growth.

It is common sense that visitors to web sites should be made aware if cookies, or any other kind of identifying data, are being place in order to track their online activity, and be given the the ability to refuse them. Ultimately ensuring transparency and honesty in online commerce will lead to more consumer trust and a more sustainable online economy.