In an effort to enhance privacy laws, European regulators have set their sights on digital cookies.
Cookies are pint-sized pieces of code that track information such as the sites web surfers visit and where they log in. But they could spell major losses for online advertisers and companies like Google and Facebook if the European Union adopts a law that would require users to actively consent to cookies' use.
The European Commission, the executive arm of the 28-nation bloc, submitted the proposed legislation on Tuesday, dubbing it the Regulation on Privacy and Electronic Communications. The European Parliament and member states must approve it before it becomes law. They can also amend the legislation as they debate it.
As it stands now, the proposed regulation would replace the bloc’s ePrivacy Directive last revised in 2009, before the classified information Edward Snowden leaked changed the way the world views digital privacy. Since then, the European Union has made protecting the privacy of its citizens a priority: The bloc adopted sweeping reforms last spring, and ruled against Britain’s so-called “Snooper’s Charter” that requires telecommunication companies to keep records of people's web activity for one year and grants government officials access to that data.
But online advertisers and advocates warn the latest legislation will send shockwaves across the World Wide Web – and perhaps lead to more distracting pop-ups for users.
“This proposal risks harming the livelihood of millions of websites and apps that rely on digital advertising to fund content and tools for consumers, not just in Europe, but in the US as well,” says Dave Grimaldi, the Interactive Advertising Bureau’s executive vice president of public policy, in a statement emailed to The Christian Science Monitor.
“As written, it will diminish our members’ ability to innovate by introducing prescriptive rules that cannot adapt to the rapidly evolving digital economy. Citizens in Europe and around the world are better served by laws and self-regulatory regimes that protect consumers without hindering access to their digital world,” he said.
The new law would require companies to get the consent of users before accessing their digital information. In doing so, the law would require web browsers, on installation, to ask users whether they want to allow websites to place cookies on their browser. If a user rejects the request, they would still see ads online, but they wouldn’t necessarily be personalized to cater to users’ potential interests.
Under the proposal, companies that don’t comply with the regulations will face fines of up to 4 percent of their global turnover.
This targeted advertising, in which ads are personalized to a user based on their search history, is a major source of revenue, especially for companies like Google and Facebook that offer free web email and social media services.
Last year, digital ad spending in Western Europe stood at $35 billion and is set to approach $45 billion by 2020, according to market-research firm eMarketer. In Britain alone, online advertising generates 10 billion pounds ($12.16 billion) of revenue for publishers and content creators, according to the Internet Advertising Bureau (IAB).
It is unclear how much digital ad revenue comes specifically from targeted online ads. But if a significant number of users opt out of those premium, targeted ads, it could hit the bottom line for big online ad brokers like Google and Facebook, The Wall Street Journal reports.
Google declined to comment. Facebook did not respond to a request for comment by press time.
Digital privacy remains important to both Europeans and Americans. As the European Commission noted in a press release about the proposed legislation, 92 percent of Europeans say it is important or very important their personal information on their digital devices can only be accessed with their permission, according to its Eurobarometer survey. Ninety-two percent of the more than 25,000 respondents also said it is important or very important the confidentiality of their emails and online instant messaging be guaranteed.
These responses mirror American attitudes. A 2015 survey by the Pew Research Center found 93 percent of Americans say that being in control of who can get information about them is important, while 90 percent of respondents say that controlling what information is collected about them is important.
“The proposed Regulation on Privacy and Electronic Communications seeks to address those concerns,” according to a statement from the European Commission. “At the same time, the new rules will support innovation and increase consumer trust.”
It also might annoy users, Townsend Feehan, chief executive of IAB Europe, said in a statement. If passed, the legislation might lead companies to display pop-ups asking users to switch their settings to allow cookies before they can access services.
“People who thought cookie banners were annoying will be disappointed to hear that things won’t get better,” Ms. Feehan said.
The proposed legislation is in line with sweeping privacy reforms the European Parliament adopted in April which are set to take effect in spring 2018. The General Data Protection Regulation provides a single set of rules on internet privacy safeguards, giving individuals vastly greater control over how their information is handled by both European and American tech companies, as Colette Davidson reported for the Monitor.
But the proposed legislation also has parallels to a debate in the United States over the so-called do not track feature in many web browsers, which would restrict cookies, as the Monitor reported in October 2015:
A universal do-not-track feature has been advocated by privacy groups after being introduced by the Federal Trade Commission in 2010. But the World-Wide Web Consortium (W3C) – composed of software companies, academics, privacy groups, and others who determine international Web-browsing standards – has long struggled to develop a unified approach for the feature.
This report contains material from Reuters.