The Council of the European Union has approved a law ending the current use of tracking cookies in the EU within 18 months. The EU directive will now be turned into national laws. In detail, the new regulation will require that a cookie can be stored on or accessed from a user’s computer only if that user “has given his or her consent, having been provided with clear and comprehensive information.â€
There is only one exception to the rule: Permission to store or read cookies is not mandatory when their use is “strictly necessary†for the provision of an “explicitely requested†service. That means, if a user is clicking through an online shop and puts items in the virtual shopping basked, the site may use cookies. However, the site may not read or write cookies for the purpose of third-party advertising as users don’t explicitely ask for the display of advertising. In theory that means that any site serving ads will need to ask for users’ consent.
If the laws will actually be enforced it will mean the end for a lot of business. Many sites out there derive their revenues from consent-less advertising only. This also includes Facebook, YouTube and so on. As most ad servers out there are completely based on cookies, these companies would have to ask their users for permission to show them “well-chosen offers of partnersâ€. This would also give users the option to choose an ad-free YouTube or Facebook. Who is going to be paying for the service then? Will casual communities introduce subscription fees just like LinkedIn?
The consent requirement for the use of browser cookies also applies to analytics. All sites using Google Analytics, Omniture etc. will need to ask for explicit permission to store and read cookies too. This however isn’t all that bad. No matter which website I visit, I always see Google Analytics requests in the status bar of the browser. They can track a user across the whole internet which is quite scary actually. At this time nobody is asking for my permission.
I’m not sure if the directive will really become effective national laws. There is too much money in online advertising and I think a lot of companies will begin some heavy lobbying soon. The new regulation would kill some of the greatest innovators out there. The other question is how the authorities will actually be enforcing the laws. Anyhow, cookie-less tracking techniques will become more and more important.
Pingback: Tweets that mention The End of Tracking Cookies in Europe? | Peter Glaeser -- Topsy.com
How would they enforce a law that would make literally hundreds of millions of web sites illegal?
I am absolutely opposed to corporate tracking cookies, they are simply vile. I just don’t see how the EU could even hope to police this. But if it stops at least the big 7 or 8 names from tracking (#1 being Google), it would be an enormous boost to free information and privacy.
It is sad how Google now forces the google.com tracking cookie to everyone who wants to use *any* service owned by Google. There used to be a gmail.com, now it is gmail.google.com, so that it falls under the same google.com domain name. This way their tracking cookie is not a “third party” cookie. It’s simply evil. I just discovered today that even YouTube accounts now *require* a google.com tracking cookie, this is just *so* wrong.
It should also be noted that this article is quite incomplete. After Google received the wrist-slap for tracking users of the .gov sites, and was told to *NOT* track users unless they click on the video — they told the public that they had made this change, but it was a lie. Instead of Google removing the tracking cookie, they merely changed its form. Now they don’t use a standard web cookie, they switched to using an Adobe Flash based cookie, which is much, much harder to detect and remove. Very few people even know of the existence of Flash cookies!