New Cookie Law Creates Confusion in E.U.

E.U. member states expected to miss May 26 deadline for implementation of new online privacy law.

A directive that takes effect Thursday requires website operators and advertising companies operating in Europe to gain “explicit consent” for every cookie they place on users’ machines.

But some member states will likely miss the deadline, leaving publishers and online media companies unsure of what business practices they must alter in order to operate legally in the continent, if any.

The requirement is a provision in an amendment to the E.U.’s Privacy and Electronic Communications Directive, which was adopted in 2009. The revision is intended to give users greater control over the cookie data that is stored on their machines for purposes such as content personalization and ad targeting.

To date only Denmark and Estonia have reported implementation of the directive to the European Commission, according to Jonathan Todd – a spokesman for its vice president, Neelie Kroes. Each member state is expected to notify the Commission of its compliance with the directive.

The commission anticipates notifications from the U.K. and Ireland tomorrow, but also assumes multiple states will miss the deadline completely. “We’re not expecting notifications from all member states by tomorrow evening, and we’re aware many haven’t undertaken the necessary preparations,” he told ClickZ, warning, “Infringement proceedings will follow the deadline.”

Practically speaking the commission is unlikely to take immediate action against countries that are slow to comply, however, according to Quentin Archer – a technology specialist at London-based law firm Hogan Lovells. “If there are several lagging there’s no way the commission will come down hard on them immediately,” Archer said, suggesting it will likely take a more aggressive approach if those states still don’t comply in six months time.

According to some, the primary reason for the delayed implementation of the directive is confusion around its intended purpose, as well as how best to implement it without destroying the businesses that rely on cookie placement to generate revenue, such as online advertising networks.

“The fact that numerous states haven’t transposed the directive in time shows that people are having difficulty understanding it. It’s badly written, and we’ve pointed that out from the beginning,” said Kimon Zorbas, vice president of pan-European online ad trade body IAB Europe.

According to Zorbas, each European state could interpret and subsequently enforce the directive differently, creating a fragmented legal landscape across the EU. “It’s going to be extremely messy if you want to be compliant in several member states,” he said.

The IAB Europe has been fighting the commission’s decision to introduce an “explicit consent” requirement, arguing that it could bring the Internet grinding to a halt as websites seek consent for cookie placement through pop-ups and other awkward mechanisms.

Though the U.K. has yet to inform the commission of its compliance with the directive, the Information Commissioner’s Office – the regulatory body responsible for enforcing privacy laws in the U.K. – has issued guidance for companies operating in the market. That advice has come under fire from parties in the U.K., though, for being too vague and arguably contradicting language used in the directive itself.

For example the directive suggests users can express consent through the use of browser settings, whereas the ICO guidance states, “At present, most browser settings are not sophisticated enough to allow you to assume that the user has given their consent to allow your website to set a cookie… We are advising organizations which use cookies or other means of storing information on a user’s equipment that they have to gain consent some other way.”

The ICO recommends consent should instead be obtained through other means – such as pop-up windows – but gives little concrete information regarding which types of cookies that requirement pertains to, or how U.K. companies should implement such a measure. “I’m extremely concerned about the ICO’s view on browser settings,” Zorbas said, arguing the Office’s view implies the European Commission is “silly” for suggesting that browser settings would suffice as consent.

As Archer points out, however, the ICO itself has billed the guidance as a work in progress and highlighted broad solutions to allow companies to experiment with different ways to satisfy the directive depending on their business practices. “It’s clear the ICO does not expect everybody to be fully in compliance by Thursday, but it expects people to be putting plans into place by the very least,” he said.

In the meantime, there’s little companies operating across Europe can realistically do to satisfy the directive, given that local laws haven’t been set in place in the majority of markets. Until that happens, major European online players are unlikely to rush into anything.

UPDATE: After this story published, the U.K. Information Commissioner’s Office announced it will not enforce the new E.U. directive until May 2012.

Subscribe to get your daily business insights

Whitepapers

US Mobile Streaming Behavior

Whitepaper | Mobile US Mobile Streaming Behavior

5y

US Mobile Streaming Behavior

Streaming has become a staple of US media-viewing habits. Streaming video, however, still comes with a variety of pesky frustrations that viewers are ...

View resource
Winning the Data Game: Digital Analytics Tactics for Media Groups

Whitepaper | Analyzing Customer Data Winning the Data Game: Digital Analytics Tactics for Media Groups

5y

Winning the Data Game: Digital Analytics Tactics f...

Data is the lifeblood of so many companies today. You need more of it, all of which at higher quality, and all the meanwhile being compliant with data...

View resource
Learning to win the talent war: how digital marketing can develop its people

Whitepaper | Digital Marketing Learning to win the talent war: how digital marketing can develop its people

2y

Learning to win the talent war: how digital market...

This report documents the findings of a Fireside chat held by ClickZ in the first quarter of 2022. It provides expert insight on how companies can ret...

View resource
Engagement To Empowerment - Winning in Today's Experience Economy

Report | Digital Transformation Engagement To Empowerment - Winning in Today's Experience Economy

4w

Engagement To Empowerment - Winning in Today's Exp...

Customers decide fast, influenced by only 2.5 touchpoints – globally! Make sure your brand shines in those critical moments. Read More...

View resource