Stop the cookie monster and save Europe's websites

Summary:Misguided European laws on cookies could have a devastating impact on websites, says Struan Robertson

...the new law, sharing the lawmakers' rationale for the provisions that follow. Curiously, the cookie recital includes a suggestion that conflicts with the main article.

The new cookie recital says: "The user's will to accept processing may be expressed by way of using the appropriate settings of a browser or other application."

Most browsers have a default setting that allows cookies. Most people never change that, and many do not know that the setting exists. A court might reasonably question how consent can be implied from a default setting. If no question is asked, silence does not convey consent.

In fact, the expression of a "will to accept" is as close as the recital gets to mentioning consent. The recital refers twice to "the right to refuse" a cookie — yet the article itself tells us that users must give consent, which is a different standard and a higher one.

The recital reads like an afterthought, like an apology for the overzealous article that follows. As such, the combination makes little sense — and websites are given a headache.

Before it crumbles
The root of the problem is that this law is probably not aimed at cookies at all. It is aimed at more sinister things being placed on or read from website visitors' computers. In an effort to remain technology-neutral, the article fails in its purpose. It talks of storing "information", not cookies, thereby categorising harmless cookies and password-stealing Trojans together. That is unhelpful and we have been left with ambiguous wording.

Fortunately, there is time to fix this legislative mess. The law is part of a wider telecoms reform package, which looks likely to face delays because of a last-minute amendment in the European Parliament relating to file sharing.

On 12 June, the Council of Ministers will decide whether or not to accept the file-sharing changes. By then there will be a new Parliament and, from November, a new group of commissioners. Although all three bodies had agreed the cookie part of the law, the new assemblies may revisit and change that element too.

Without this potential delay, the latest cookie proposals would have been installed in EU law this month with the stealth of the spyware they set out to block. Most of us did not know these plans existed. But our silence must not be misinterpreted as consent.

Struan Robertson is a legal director at international law firm Pinsent Masons and editor of the firm's Webby-winning legal information site, A specialist in technology law, Robertson has focused almost exclusively since early 2000 on the legal issues surrounding the internet.

Topics: Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.