UK Cookie Regulations Threaten Online Business

BY CCIA Staff
May 31, 2011

The European Commission recently enacted a new directive that went into force last Thursday night and would strongly regulate the circumstances under which web cookies can be placed on users’ computers. Cookies are small pieces of text that are stored on the user’s computer and are transmitted back to the website that placed it whenever the user visits again. Cookies are fantastically useful, because they are the best way for a website to remember who you are from one page refresh to another. They enable sites like Amazon or a webmail provider to to keep you logged in as you use the service over time. They can also be controversial, however, because they allow the tracking across the web that leads to online targeted advertising.

For those unfamiliar with European Union legislative process, directives are legal requirements decided upon by the EU government which only take force by virtue of being implemented in the member states through national regulation within that state. In the case of the United Kingdom, the government’s Information Commissioner’s Office has put out their regulations to implement the EU directive. The ICO implementation would, broadly speaking, require a website to get the opt-in consent of a user before placing a cookie on her machine. The ICO acknowledges that this consent could be achieved by relying upon the user’s browser privacy settings, but then goes on to say that no browsers on the market today currently provide enough user control to reach that level of consent.

Needless to say, this is a u-turn in the normal course of Internet business. Placing a cookie on a user’s machine has, historically, always been an opt-out proposition. Cookies were presumed to be something a user wanted, because of their almost essential place in making websites work the way users expected them to. Every browser also provides a way to allow those users who didn’t want to have cookies on their computer to deny cookies entirely or to have the browser ask before setting or sending them. Requiring every user to affirmatively agree to allow a cookie to be placed, potentially every single time it happens, would disrupt the web browsing experience so much so as to make the Internet essentially unusable.

That is why CCIA is glad to see news last week that the UK ICO has decided to postpone enforcement of the new cookie rules for a year, both to give time to companies to decide how they will go about obtaining the necessary consent, and to give the browser manufacturers time to implement user control features that will automatically handle the question of consent. We would also suggest to the ICO that they take the year to reexamine their cookie policy and look for ways in which it can pose less of a burden to web sites while still protecting privacy. We are sure there are solutions along those lines, and we hope that the ICO agrees. We also emphasized many of these points in a response to the UK’s Electronic Communications Framework Consultation that we submitted late last year. We also hope that other member states within the EU will take a cue from the United Kingdom, and postpone their own implementations while the industry figures out how they can best comply with the new regulations, protect the privacy of their customers, and maintain their own business models.

Related Articles

CCIA, Industry and Civil Society Groups Send Joint Letter To EU Policymakers On Preventing Terrorist Content Online

Sep 21, 2020

CCIA, industry and civil society groups today sent a letter to EU policy-makers on the proposal on preventing the dissemination of terrorist content online.  CCIA fully supports the objective of the EU institutions to counter terrorism and incitement to violence. The joint letter encouraged EU policymakers to define a clear scope and definition of terrorist…

European Commission Issues Temporary Rules to Allow Companies to Continue Removal of Online Child Sexual Abuse Material

Sep 10, 2020

Brussels, BELGIUM — The European Commission published a proposed Regulation today allowing online communications providers to continue to detect and remove child sexual abuse material (CSAM) from their services.  This proposal is designed to make up for an unintended consequence of the existing e-Privacy Directive, which will apply to online messaging services as of 21…

CCIA Responds to the European Commission Consultation on Article 17 of the Copyright Directive

Sep 10, 2020

Brussels, BELGIUM –The Computer & Communications Industry Association offered comments on the implementation of Article 17 of the Copyright Directive today. CCIA’s comments include elements such as the scope of services covered, how online content-sharing service providers have to provide their ‘best efforts’ to obtain rightsholders’ authorisation, and avoiding unauthorised content online.  After months of…