Online Behavioral Advertising in the EU – The Need for User ‘Consent’

BY CCIA Staff
September 30, 2011
The advertising industry has drafted a self-regulatory framework this year to meet legal requirements regarding the placement of cookies on Internet users’ machines for the purpose of online behavioral advertising. This framework, drafted in response to legal requirements, is based on an opt-out approach. The approach would enable Internet users to obtain relevant information about the purpose of data collection, and then have the possibility to opt out of behavioral advertising schemes, if requested.

This approach, however, does not satisfy the EU’s Article 29 Working Party, which is composed of national data protection officers and oversees the implementation of data protection laws in the EU. According to the Art. 29 WP, the self-regulatory framework does not meet the requirements of EU law since ‘consent’ to OBA can only be given in an opt-in framework with the Internet user actively agreeing to it. This interpretation of existing law was recently confirmed in a meeting between representatives of the Art. 29 WP and the advertising industry.  Even though the opinions of the Art. 29 WP are not legally binding, they provide guidance in implementing data protection laws across the EU.

It is noteworthy that the restrictive viewpoint of the Art. 29 WP comes at a time in which the EU (as well as the U.S.) is in the midst of rewriting its data protection laws. The EU Commission is expected to publish a new data protection framework, including provisions specifically addressing the online world. The Commissioner responsible, Viviane Reding, initially wanted to publish it in November but it is very likely that it will take the Commission longer to finalize the proposal. Furthermore, the Art. 29 WP is expected to adopt an official opinion on the advertising industry’s self-regulatory scheme by the end of this year.

In the current situation, the legal implications remain uncertain. The implementation and enforcement of the ‘Cookie Directive’ is the responsibility of individual Member States, which increases the risk of regulatory variations across the EU. The difficulties and uncertainties with the implementation of key provisions of the Directive can clearly be seen in the mixed implementation records of Member States. Even though all of them should have implemented the provisions by end of May this year, most of them have not met this deadline.

Against this background, any future rules should pursue three basic goals. First, increase legal certainty by laying down less ambiguous provisions. Second, continue to work with international partners to develop common approaches in order to minimize costs resulting from discrepancies in legal regimes. Third, account should be taken of the importance of a more flexible regulatory approach. It should be remembered that OBA has greatly benefited consumers by enabling applications providers to offer their services at minimal or even no costs. In lowering barriers to entry, OBA greatly contributed to a competitive online environment that not only encourages companies to innovate in various types of products and services, but it also drives them to compete over privacy practices that are closest to customers’ preferences. Rigid, regulatory approaches entail the risk of chocking off these healthy competitive forces.

Related Articles

CCIA, Industry and Civil Society Groups Send Joint Letter To EU Policymakers On Preventing Terrorist Content Online

Sep 21, 2020

CCIA, industry and civil society groups today sent a letter to EU policy-makers on the proposal on preventing the dissemination of terrorist content online.  CCIA fully supports the objective of the EU institutions to counter terrorism and incitement to violence. The joint letter encouraged EU policymakers to define a clear scope and definition of terrorist…

European Commission Issues Temporary Rules to Allow Companies to Continue Removal of Online Child Sexual Abuse Material

Sep 10, 2020

Brussels, BELGIUM — The European Commission published a proposed Regulation today allowing online communications providers to continue to detect and remove child sexual abuse material (CSAM) from their services.  This proposal is designed to make up for an unintended consequence of the existing e-Privacy Directive, which will apply to online messaging services as of 21…

CCIA Responds to the European Commission Consultation on Article 17 of the Copyright Directive

Sep 10, 2020

Brussels, BELGIUM –The Computer & Communications Industry Association offered comments on the implementation of Article 17 of the Copyright Directive today. CCIA’s comments include elements such as the scope of services covered, how online content-sharing service providers have to provide their ‘best efforts’ to obtain rightsholders’ authorisation, and avoiding unauthorised content online.  After months of…