Careful: The European Union Is Messing With Your Cookie Jar
Europe sometimes steers its own course when it comes to privacy matters. I’ve written about the European privacy gaffes before. Some countries like Germany, France and Italy really take a firm stand on privacy matters when it comes to search engines. These countries take aggressive positions with Google and other search engines. Other countries, however, […]
Europe sometimes steers its own course when it comes to privacy matters. I’ve written about the European privacy gaffes before. Some countries like Germany, France and Italy really take a firm stand on privacy matters when it comes to search engines. These countries take aggressive positions with Google and other search engines. Other countries, however, seek to regulate a much larger target: the entire web. Here’s what’s been going on in the privacy debate in Europe recently, specifically when it comes to cookies.
Last November the European Union agreed on a new telecom rule which could have a tremendous effect on the way we work online in Europe. The rule was intended to strengthen consumer rights, an open internet, a single European telecoms market and high-speed internet connections for all Europeans. The rule however is also meant for protection of consumers when it comes to personal data breaches and spam.
Part of the rule is that users have to be better-informed about what is going on “behind the scenes,”—in other words, you have to tell visitors to your website when you are placing cookies. But the actual rule is even slightly more onerous if you read it carefully:
“The subscriber or user concerned has given his or her consent, having been provide with clear and comprehensive information, in accordance with Directive 95/46/EC, inter alia about the purposes of the processing.”
So the user actually has to acknowledge that he knows you are placing a cookie on his computer. That caused quite the uproar at first. Having to ask for a consent on each and every cookie placed would have made browsing the web almost impossible. You would have gotten pop ups asking for your permission after every link you click. That probably would have meant a change in structuring of websites.
Luckily the European Union slightly adjusted the rule:
“Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate setting of a browser or other application.”
This means that cookie acceptance can be handled on the browser level, meaning you will only have to “accept” cookies once in your browser settings and you are done.
So, that was close, we were almost caught in a cookie-loophole there. Case closed. Right?
The European Union is not like the United States. The European Union does set the rules for its member countries. In this case member countries must implement the new rule by May 25th 2011.
But here’s where things get complicated: each country can decide for itself how it wants to implement the rule. Which means each country can decide whether to require cookie acceptance on a browser level or on website level.
For example, in the Netherlands the Minister of Economic Affairs was the one deciding on this rule. And she decided to take a step away from the general European direction taken. She wants the “opt-in” to be at a browser level.
This of course caused a lot of uproar amongst Dutch internet marketers. Several organizations have already opposed the Minister’s move. So far she hasn’t decided on whether or not the Dutch government will make changes to the decision. Some of my sources say chances are there are going to be new changes to the ruling in the Netherlands, which will probably make it easier to work with.
So what should you do?
Of course you would like to know how this will affect your business in Europe and how you should act on that. Chances are at first you won’t notice very much about this issue since many countries will most probably opt for the most user friendly way. But you never know how different countries might act on it. And in addition to cookie disclosure rules, Europe will probably be looking into more privacy-related measures over the coming months, so its a smart idea to keep yourself informed if you plan on targeting Europe.
Some things you can do now:
- Take a good look at the rulings in different countries
- Offer users in countries with a “cookie-problem” another option
- Don’t trust your analytics too much
- If you see a decrease in traffic in a specific country be sure to investigate whether or not this country has specific rulings
- Keep an eye on the European regulations
Opinions expressed in this article are those of the guest author and not necessarily Search Engine Land. Staff authors are listed here.
New on Search Engine Land