Sweet irony: EU imposes cookie law, ignores own rules
Summary: You would think an executive body of 27 member states that dictates part of their respective laws would adhere to its own? Think again.
On all European Union institution websites, you will be lucky to find a single page that asks the visitor for permission to set cookies. But they're using them all the same.
The 'cookie law' requires any company with an E.U.-targeted website to seek permission from its visitors to install cookies. These small bits of data often help personalise the website experience, but can also be used by advertisers to track behaviour and other online activity.
The Article 29 Working Party (the group which advises individual European privacy authorities on matters of data protection) and the European Data Protection Supervisor (a cross-nation group of data protection officials) both fail to adhere to the E.U.-wide so-called "cookie law".
Despite the U.K. "cookie law" taking effect over the weekend, wider E.U. institutions --- including the European Parliament and the European Commission --- are not practicing what they preach.
Field Fisher Waterhouse partner and data protection expert Stewart Room said Europe "may argue that they’re not bound by the new cookie rule, but that’s unlikely to impress anyone."
Room told ZDNet that the scope of the E.U. cookie law, which stemmed from the 2009 amendments to the E.U. E-Privacy Directive, applies only to member states.
"Therefore, the E.U. may argue that, technically speaking, the new cookie rule does not apply to the E.U." He notes that it may not be as simple as that, and that the argument may be flawed.
"The EU is bound by the 2001 Data Protection Regulation (45/2011) --- not to be confused with the draft Data Protection Regulation 2012 --- and there are strong grounds to suspect that some parts of the EU's cookie use constitute the processing of personal data."
If you thought Europe was the prime example of bureaucracy and red tape, well, you would be pretty much spot on.
The rules for governing E.U. institutions were spun off from everyone else's some years ago. Updating the rules in 2009 when the amendments were put through would have required a whole new Regulation, which would have been difficult if not impossible to achieve at the time. The amendments were hard enough to get through the Parliament and the governments of the member states without opening another can of worms.
Instead of updating all the rules at the same time, only around 99 percent were. But the Commission likely doesn't see the legalities as a major issue. One E.U. official told me that while the Commission is "entirely willing" to follow the same path as everyone else.
In spite of this, the E.U. does have an example to set to its member states. Whether or not a law does in fact apply to the institutions of European government makes little difference. It's not as though it would limit the executive functions of E.U. governance from ticking over. If member state governments have to enact the E.U. cookie law, the E.U. itself should as well.
"It's very hard to see why the EU should be in a special category," Room added.
"The point is that the E.U. should comply with the spirit of the law, particularly when it is being so strident on the need for good data protection and when it is lecturing non-E.U. bodies, such as those in the U.S., on how the Internet should be run."
A Commission spokesperson for Digital Agenda said the executive body is pushing for changes to its online services, and plans to implement Do Not Track in the near future.
"Neelie Kroes [Digital Agenda Commissioner] is committed to the idea of the European Commission practising what it preaches. If there is proof of a part of the EU institutions not being transparent about cookies, please let us know, so we can work to address it," the spokesperson said.
Ms. Kroes, consider this a heads up.
Talkback
It's simple. This is a preemptive money grab by the EU...
Cookie
Great article. What people don't understand is there is no such thing as multiple cookie types. The Spec lists only "cookie". So what they need to focus on is how do I understand what is inside each cookie? Run a simple test on HSBC (Bank site). 10 cookies - please explain what they all do?
And for the best part - what about XMLHttpRequest? It's an API available in web browser scripting languages such as JavaScript. It is used to send HTTP or HTTPS requests directly to a web server and load the server response data directly back into the script.
Use that instead of cookies and leave no trace at all while abusing the customers' privacy.
Regulators simply do not understand how the web really works.
Peter
Rules
Rules for the little people, handouts for the big
It's all good. :D
Or when the little people keep hyping more regulations
Unelected, unaccountable.
Freedom still seems to dominate!
Agreed
The moment the regulators break their own rules, or are allowed to be bought and paid for... everyone else notices and stops caring.
People talk of "societal decay" but prefer finding scapegoats, like some did in the 1930s. All societies are authority-driven. Scapegoats and wedge issues don't resolve the problem. And, in a democracy, all would be involved, meaning all would be given the same treatment. How many in a democracy would vote to let the rulemakers have zero oversight as to how they are ruled? (Um, maybe 2%, but which 2% might that be?)
Zack, why not send Ms Kroes an email?
Henri
PS: Should you do so - and in particular, should you receive a reply - please post back here and let us know!...
I sent a tweet
EU and cookies
Couldn't agree more. Yet another example of the EU telling people what to do merely because they can. It's a bit rich when you realise that the EU has NOT had its own accounts signed off for more than 15 years.
When their chief financial officer tried to get something done about it a few years back, guess what?? She got the sack! How very convenient! Don't ask any questions that might prove embarrassing. Reminds you of Enron except on a considerably larger scale. Tell the people only what you want them to know, truthful or otherwise and blunder on as before.
How many companies would get away with this type of behaviour? Not too many, I think, so why should they?
You will doubtless detect an air of frustration on my part in being unable to do anything constructive about it so apologies for the rant.
As a Scot, I do not consider myself a "European Citizen" at all. For my part, I want my country OUT of the incompetent monolith that is the EU and freedom from all its red tape, jobs for the boys and taxation tentacles. It has gone far beyond any concept of reform and needs disbanding in its entirety.
no different than G8
Europe vs USA....the white and the black
Europe web sites will get adapted....
American web sites....well if you don't know the rules...nobody is going to protect you
....that
Why lie?