E-Privacy: The Way the Cookie Crumbles

Photo Provided by: Pete Taylor on Flickr

On May 26th, 2011, a new European Union (EU) Directive came into effect revolutionizing Internet privacy. The newly enacted Directive, Directive 2009/136/EC of the European Parliament and of the Council of 25 Nov. 2009, has been appropriately labeled “the Cookie Directive” because it mandates that without an Internet user’s affirmative assent websites cannot use cookies. Cookies are files that are installed on a user’s computer during web browsing used to authenticate, track, and profile the Internet user’s web surfing behavior. The Cookie Directive requires that any Internet website that directs activities at EU Member States must allow users to opt-in, providing explicit consent to access or store personal information.

The Cookie Directive amends EU directives addressing electronic privacy (e-privacy): Directive 2002/22/EC, Directive 2002/58/EC and Regulation (EC) No 2006/2004. Unlike the earlier E-Privacy Directive that required an option to opt-out to refuse cookies, the new Cookie Directive requires that users opt-in before cookies are used at all. The Cookie Directive requires that a website get a users informed, affirmative consent before using cookies to store or access personal information or to track their website activity.

Internet users have expressed an interest in protecting their personal information. Google Inc.’s Executive Chairman, Eric Schmidt, said some pretty scary stuff in a 2010 interview with The Wall Street Journal concerning the lack of privacy on the Internet. “[W]e [at Google] know roughly who you are, roughly what you care about, roughly who your friends are." “It will be very hard for people to watch or consume something that has not in some sense been tailored for them.” The EU has responded to these concerns with multiple Directives that are representative of value Europe places in protecting individual privacy.

Companies with websites are not yet sure how to comply with the new regulations. There are worries about how to actually implement the directive. If a website is forced to comply with the directive, operators will have to spend a lot of time and resources to make the changes.

Web analytics, is third-party software installed on websites to track user behavior. Web analytics software uses cookies to track website behavior. It is one of the best methods for tracking the interest of website users. Adobe Omniture is one of the most popular web analytic software programs. The directive may require Adobe, and other web analytic companies, to implement changes to their software. The cost of the change will likely be passed on to web operator, users of the software. The online marketing industry will also take a hit, as they rely on analytics software.

If websites can no longer track user behavior, web operators will have to make uninformed, wild guesses about the best user experience. Being prevented from tracking user interests will prevent tailoring the experience and will result in less relevant and individually interesting user experience. The directive is overly broad. It should be limited to tracking individuals, but not include tracking users as a whole.