Confusion reigns over EU cookie regulations
DEVELOPMENTS in web-browsing technology have largely consigned the irritating pop-up advertisement to internet history. But European Union (EU) rules aimed at protecting web users from intrusive advertising have led to a new crop of pop-ups appearing on websites in the past week.
Last weekend saw the implementation of new regulations about cookies, digital data that can track surfing behaviour across the web, and an accompanying last-minute rush from several popular websites to comply, with many using small pop-up messages on their homepages.
But several surveys of consumers and companies show most remain confused about the 2009 European e-privacy directive, which requires website owners to get the consent of visitors to the use of cookies.
The UK’S Information Commissioner’s Office (ICO) said last May it would allow a year before it began to enforce the directive. But although this period of leniency expired on May 26, the ICO is still giving mixed signals on whether it intends to prosecute sites failing to comply. As late as last week, it issued “updated” guidance on what site owners should do. The ICO says it will permit “implied consent” from users rather than the explicit decision to opt in or out of cookies many had assumed would be required.
Though a £500 000 fine is theoretically possible, the ICO says this is unlikely in the short term. This will come as a relief to many in the internet industry, so reliant is the technology on these small files that control everything from targeted advertising to shopping baskets. As such, for all the culinary images that cookies conjure, it is oil to which consumer data are most often compared. “For all its connotations, we think the comparison between oil and data is apt,” Catherine O’Neill, media analyst at Citigroup, wrote in a note to clients last week. “The companies of the 21st century, in particular the internet behemoths, are built on data. This brings with it the potential for significant upside — utility, efficacy, monetisation — but also risks, such as security and legality.”
Some internet entrepreneurs, such as Michael Ross, founder of Figleaves, an online retailer, and latterly eCommera, which provides e-commerce technology, have openly said they will ignore the new laws.
“The EU cookie law is simply a bad law and a restraint to trade online at a time when business needs all the help it can get,” Ross said.
The ICO’s main concern is the third-party cookies, placed on users’ computers by companies other than the visited site’s owner, which are often used for targeted advertising. Large numbers of these can be present on websites, unbeknown to users. The ICO is writing to more than 50 companies to find out if they are notifying people.
“Fines are not really the way to go; we prefer to use enforcement notices, where we tell companies what they are expected to do, and if they don’t do it, it is a prosecutable offence,” David Evans, manager of the ICO’s business and industry group, said.
The ICO may have to send out many such notices. A KPMG survey last month found 95% of companies had yet to comply with the rules.
“Thankfully, most businesses are simply ignoring the new law,” said Ross. “Let’s hope the ICO does the same.” 2012 The Financial Times Limited