Sweet irony: EU imposes cookie law, ignores own rules

Summary: You would think an executive body of 27 member states that dictates part of their respective laws would adhere to its own. Think again.


On all European Union institution websites, you will be lucky to find a single page that asks the visitor for permission to set cookies. But they're using them all the same.

The 'cookie law' requires any company with an E.U.-targeted website to seek permission from its visitors to install cookies. These small bits of data often help personalise the website experience, but can also be used by advertisers to track behaviour and other online activity.

The Article 29 Working Party (the group which advises individual European privacy authorities on matters of data protection) and the European Data Protection Supervisor (a cross-nation group of data protection officials) both fail to adhere to the E.U.-wide so-called "cookie law".

Despite the U.K. "cookie law" taking effect over the weekend, wider E.U. institutions --- including the European Parliament and the European Commission --- are not practicing what they preach.

Field Fisher Waterhouse partner and data protection expert Stewart Room said Europe "may argue that they’re not bound by the new cookie rule, but that’s unlikely to impress anyone."

Room told ZDNet that the scope of the E.U. cookie law, which stemmed from the 2009 amendments to the E.U. E-Privacy Directive, applies only to member states.

"Therefore, the E.U. may argue that, technically speaking, the new cookie rule does not apply to the E.U." He notes that it may not be as simple as that, and that the argument may be flawed.

"The EU is bound by the 2001 Data Protection Regulation (45/2011) --- not to be confused with the draft Data Protection Regulation 2012 --- and there are strong grounds to suspect that some parts of the EU's cookie use constitutes the processing of personal data."

If you thought Europe was the prime example of bureaucracy and red tape, well, you would be pretty much spot on.

The rules for governing E.U. institutions were spun off from everyone else's some years ago. Updating the rules in 2009 when the amendments were put through would have required a whole new Regulation, which would have been difficult if not impossible to achieve at the time. The amendments were hard enough to get through the Parliament and the governments of the member states without opening another can of worms.

Instead of updating all the rules at the same time, only around 99 percent were. But the Commission likely doesn't see the legalities as a major issue. One E.U. official told me that while the Commission is "entirely willing" to follow the same path as everyone else.

In spite of this, the E.U. does have an example to set to its member states. Whether or not a law does in fact apply to the institutions of European government makes little difference. It's not as though it would limit the executive functions of E.U. governance from ticking over. If member state governments have to enact the E.U. cookie law, the E.U. itself should as well.

"It's very hard to see why the EU should be in a special category," Room added.

"The point is that the E.U. should comply with the spirit of the law, particularly when it is being so strident on the need for good data protection and when it is lecturing non-E.U. bodies, such as those in the U.S., on how the Internet should be run."

A Commission spokesperson for Digital Agenda said the executive body is pushing for changes to its online services, and plans to implement Do Not Track in the near future.

"Neelie Kroes [Digital Agenda Commissioner] is committed to the idea of the European Commission practising what it preaches. If there is proof of a part of the EU institutions not being transparent about cookies, please let us know, so we can work to address it," the spokesperson said.

Ms. Kroes, consider this a heads up.

  • It's simple. This is a preemptive money grab by the EU...

    ...They can simply pick and choose successful non-EU companies and then fine them for not complying.
  • Cookie


    Great article. What people don't understand is there is no such thing as multiple cookie types. The Spec lists only "cookie". So what they need to focus on is how do I understand what is inside each cookie? Run a simple test on HSBC (Bank site). 10 cookies - please explain what they all do?

    And for the best part - what about XMLHttpRequest? It's an API available in web browser scripting languages such as JavaScript. It is used to send HTTP or HTTPS requests directly to a web server and load the server response data directly back into the script.

    Use that instead of cookies and leave no trace at all while abusing the customer's privacy.

    Regulators simply do not understand how the web really works.

  • Rules

    Silly rabbit! Rules are for little people.
    • Rules for the little people, handouts for the big

      Especially when the big keep hyping up "free market" and related, incompatible situations, for which they are kept propped up from...

      It's all good. :D
      • Or when the little people keep hyping more regulations

        At least the "big people" understand how to rig the system. The little people think that they can trust the big people to protect them.
  • Unelected, unaccountable.

    And not doing so well. The EU was supposed to rival the US. But, regulation seems to be its best suit, as long as it's for everyone else.

    Freedom still seems to dominate!
    • Agreed

      Those doing the regulating usually have more respect and credibility if they follow the same standards they tell everyone else.

      The moment the regulators break their own rules, or are allowed to be bought and paid for... everyone else notices and stops caring.

      People talk of "societal decay" but prefer finding scapegoats, like some did in the 1930s. All societies are authority-driven. Scapegoats and wedge issues don't resolve the problem. And, in a democracy, all would be involved, meaning all would be given the same treatment. How many in a democracy would vote to let the rulemakers have zero oversight as to how they are ruled? (Um, maybe 2%, but which 2% might that be?)
  • Zack, why not send Ms Kroes an email ?

    Steelie Neelie is one of the few on the Commission who does seem to take consumer protection and following the rules au sérieux. Worth a try !...


    PS : Should you do so - and in particular, should you receive a reply - please post back here and let us know !...
    • I sent a tweet

      Maybe she'll respond?
  • EU and cookies

    "Those doing the regulating usually have more respect and credibility if they follow the same standards they tell everyone else".

    Couldn't agree more. Yet another example of the EU telling people what to do merely because they can. It's a bit rich when you realise that the EU has NOT had its own accounts signed off for more than 15 years.
    When their chief financial officer tried to get something done about it a few years back, guess what?? She got the sack! How very convenient! Don't ask any questions that might prove embarrassing. Reminds you of Enron except on a considerably larger scale. Tell the people only what you want them to know, truthful or otherwise and blunder on as before.
    How many companies would get away with this type of behaviour? Not too many, I think, so why should they?
    You will doubtless detect an air of frustration on my part in being unable to do anything constructive about it so apologies for the rant.
    As a Scot, I do not consider myself a "European Citizen" at all. For my part, I want my country OUT of the incompetent monolith that is the EU and freedom from all its red tape, jobs for the boys and taxation tentacles. It has gone far beyond any concept of reform and needs disbanding in its entirety.
    W. R. Hawthorn
  • no different than G8

    One thing I noticed, the rich love telling the poor how to live. I don't agree with citizenship. We are all blood-related brothers on the same Earth. Only those in power seek to divide us.
  • Europe vs USA....the white and the black

    The main difference between USA and European Union is that USA protects mainly the business while Europe cares more for the people and the consumers....

    Europe web sites will get adapted....

    American web sites....well if you don't know the rules...nobody is going to protect you
  • Why lie?

    First of all why wasn't my comment from last night published, but most of all, after looking up European sites like France and Germany, I realise they've interpreted the EU law differently, rationally, unlike the stupid UK government. Why does the article writer find the need to lie about the reason being "not all the EU are member states" nonsense, when it's only the UK that has taken this freakish popup galore, browsing ruining turn?