Don't overbake fear of EU cookie law

Summary:Under EU law, behavioural advertisers need consumers to agree, but the details may be less onerous than the industry feared, says Struan Robertson

... a major hurdle facing them. Its interpretation of the law still forces publishers to ask a difficult question. Advertisers and publishers would rather not ask users if they want to be tracked for advertising purposes because users' answers could damage their businesses. But it's hard to avoid asking that question: the committee's interpretation of the law is, in purely legal terms, the most compelling interpretation, however flawed and unhelpful the law itself may be.

The working party's opinion isn't the final word on how to comply, though. We're still waiting to see the laws that will implement the new directive in each member state. These laws are likely to be accompanied by guidance from local regulators, in our case the Information Commissioner's Office (ICO). There's still the possibility that the local laws and local guidance will be more supportive of the IAB's view, though it would be surprising if that turned out to be the case.

Another recommendation says users' permissions should not last forever. Ad networks should ask again every year whether users are happy for cookies to be used to track them. Given the working party's views on other aspects of data retention, a year is an uncharacteristically generous period.

The party is calling for the labelling of behavioural ads with icons that link to information pages. That's a smart move for better transparency and something that the IAB is already supporting and working towards.

While real change will take years, the committee is also calling for browser makers to build greater privacy control into their products. Millions of internet users still browse the web using IE6, for example, even though it is nine years old. It will be a long time before websites can expect to see a large number of visitors using the privacy-protective browsers that the working party has in mind. Website privacy practices have to accommodate legacy browsers like IE6. For the foreseeable future they will be unable to delegate cookie compliance to the browser.

Publishers and advertisers are never going to be happy with the new law and nor should they be. But they now have clear guidance from the EU's regulators, and the situation is not as bad as they might have feared.

Struan Robertson is a legal director at international law firm Pinsent Masons and editor of the firm's Webby-winning legal information site, A specialist in technology law, Robertson has focused almost exclusively since early 2000 on the legal issues surrounding the internet.

Topics: Government : UK

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.