European laws target computer 'cookies,' but is compliance already crumbling?
As global concern over cyber identity sleuthing by commercial interests grows, the European Union (EU) has taken the lead in controlling computer cookies. Will it disrupt Internet commerce?
Los Angeles — Resisting a chocolate chip cookie is a dieter’s nightmare. But fighting unwanted digital “cookies” – the little text files that allow web sites to track your computer activity – is the new coin of the digital realm.
As global concern over cyber identity sleuthing by commercial interests grows, the European Union (EU) has taken the lead on the issue. Wednesday was the deadline for compliance with the first government-sanctioned “cookie laws” designed to give consumers the ability to choose whether to be tracked in their digital lives.
The 27 countries of the EU were supposed to begin implementing laws allowing any EU-based user the right to opt-in to being tracked. But compliance with the cookie law has been anything but sweet.
Depending on the definition of compliance, as few as two countries and maybe as many as nine have actually indicated an effort to require companies to provide an opt-in mechanism for EU-based consumers. The UK is complying, sort of, issuing a year’s grace period for UK firms to devise strategies to meet the requirements of the new law.
“I’m sure the intention is good,” says partner Bridget Treacy, speaking by phone from the London offices of Hunton & Williams, ranked by Computerworld magazine as the top law firm for privacy and data security.
But, she adds, “It is not very practical to implement,” adding that there is a “real question as to whether it will actually enhance data protection. “
One big obstacle is the sheer technical complexity of allowing users to opt-in to every cyber “cookie” a site may want or even need to place on a user’s hardware. There are different kinds of cookies (besides chocolate chip and oatmeal).
Advertisers track your buying habits
Roughly divided into what are known as first and third parties – for host site packets versus advertisers – these little files can do everything from keep track of that silk scarf you slipped into your online shopping basket until you get to checkout to following you as you wander from one web site to another.
What companies need to do during the grace period, says Ms. Treacy, is understand the cookies they already use – “The need to understand where they sit on the spectrum from not intrusive to those that are much more intrusive.”
After that, they can assess whether they really need them and which consent mechanism to offer.
This may vary from a pop-up request to a check box in the terms and conditions or even settings adjustments on browsers.
But of course, she points out, there are problems with each. For one thing, not everyone accesses the Internet via a computer with browser settings that can be adjusted.
Degrading the quality of the online interaction is another big issue, says Jim Halpert, partner in the communications, E-commerce, and privacy practice of DLA Piper, a legal services company with offices around the world.
“This will be a very bumpy user experience,” he says, speaking from his office in Paris. A constant stream of interruptions could easily deter consumers from going very far online, he says.
Free Internet content could be impacted
“This could be potentially very disruptive to the Internet economy as a whole,” adds Mr. Halpert. If the online experience is either severely interrupted with constant requests to consent or users remove their consent some other way, he notes, “This will chip away at one of the few business models for free content on the Internet.”
New media entrepreneur Alex Huf has been looking around that corner and says he has a solution to both sides of the problem.
Founder of the new, CloudCapture.org, currently in beta, Mr. Huf says the key is to allow users the ability to control their personal data.
Most consumers will say a knee-jerk “no” to being tracked if they are asked, but what they don’t realize is that there is value to both sides from sharing information with a web site or business you trust.
The key, he adds, is control, which he says his company offers by creating “a sort of digital bank for this new online currency.” Through it, he adds, consumers can control who gets to see their information and when.