New EU Proposals Threaten a Cookie Clampdown

A revision of EU privacy law could have a devastating effect on online advertising.

Under the new rules publishers must gain users' consent before placing cookies on their machines. Online ad practises like behavioural targeting, retargeting and audience segmentation will all be effected.

The change will see national governments having to:

"ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his/her consent, having been provided with clear and comprehensive information."

The EU are objecting to online advertisers collecting data without the users' knowledge. Common practice is to make users aware of cookie use through privacy policies posted in their small print. With ever-improving behavioural and semantic targeting relying on cookies, the EU's threats to step in if the industry doesn't regulate itself will raise concerns at publishers in an already-difficult advertising market. The gloves, it appears, are most definitely off.

The proposals will mean that companies like Google AOL, Microsoft and Yahoo and various ad networks, who would usually use cookies, would have to gain users' consent before collecting any data on their browsing behaviour. Cookies will only be allowed when they're either strictly necessary to provide a service (Amazon, e-commerce sites) or if they're explicitly requested by the user.

For Danvers Baillieu, technology lawyer at Winston & Strawn, the proposals won't bring too drastic a change:

"If you look at most privacy options you often have to click to accept cookies. People will have to adapt to these developments and it will become a case of opt-in rather than opt-out"

Some argue that the Internet Advertising Bureau (IAB), the trade association for the internet marketing industry, should be doing more to stave off formal regulation of this kind. The European Commission has already threatened legal action over the UK's lack of an independent body to deal with privacy complaints rumbling on from the Phorm controversy earlier this year.

Earlier this year the IAB went as far as to launch www.youronlinechoices.co.uk which includes a set of good practice principles on data collection and ad targeting. The principles skirt around the issue of user consent, only going as far as allowing an opt-out option.

But if the charge is that the IAB needs to do more to satisfy regulators and that the organisation is under-regulating, it's a trumped up one. The opt-out option, I think at least, is enough at the moment. It's not a case of under-regulating but rather taking the most sensible option in the circumstances.

The speed at which we jump between websites makes having to give consent everytime we come across a new site painstakingly annoying, surely? Or is it worth the extra hassle to know that our browsing history isn't being horded en-mass to be then thrown back at us in tailored ads?

Certainly an interesting problem for every publisher's interactive architects to get their heads around.

Picture courtesy of scubadive67. Some rights reserved.