Cookie Law: regulatory failure

Need prior consent to eat cookie?

There are some things in life that are so wrong at every level that as soon as they see the light of day deserve a big fat “FAIL” caption. That “Mission Accomplished” banner. Boy bands. Any movie bearing the words “A Film by Michael Bay”. Misplaced CCTV cameras. The latest addition to this rogue gallery has to be the new attempt to regulate cookies.

Cookies? Yes, cookies; those little bits of text stored in your computer by a website that serve a myriad of functions, such as tracking whether you are a repeat visitor, or that might be used to tailor online advertisement. Cookies have been regulated since the Directive on Electronic Privacy 2002/58/EC, which established that website users had to be given clear information about the nature of the storage, as well as being given a clear choice as to whether or not they wish to allow a service provider to continue to store information. This seemed rather excessive, but most websites simply created cookie policies and left it at that.

Unfortunately, the European Commission could not leave cookies alone, and as part of the Telecoms Package we are getting an overhaul in cookie law. The old directive will be amended to read:

“Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia about the purposes of the processing. This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.”

So, cookies necessary for the normal function of the website are fine, but any other type of cookie will require prior consent from the user having given clear and comprehensive information about the type of use this will be given. I am guessing click-wrap agreements will have to pop-up every time you visit a website in Europe for the first time, which in a deliciously ironic twist will have to be tracked via cookies. How else are websites going to know that you have not visited the site before?

Kudos to the good folk at OUT-Law for publicising this monumental regulatory failure. Why are policy-makers so obsessed with cookies when there are more pressing cyberspace issues that require urgent action? What this foolish legislation may accomplish is to drive electronic commerce businesses out of the EU and into saner regulatory shores.

Comments 1

Leave a Reply