e-Privacy Directive
At the Intellect Future of Entertainment conference last week, Minister for Culture Ed Vaizey commented on the UK government’s flexible approach to implementing the EU e-Privacy directive (the “cookie law”).
Well certainly the Information Commissioner’s Office (ICO) did provide a year-long grace period for organisations to ensure they comply with the Directive. Now that grace period is at an end; and British business needs to comply with the less flexible parts of the government’s requirement as outlined by the ICO (http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx).
It is worth saying that, while perhaps the Government’s hands are tied in respect to this Directive, this is far from a useful regulation.
If you don’t know about the Directive, then you should be aware that it outlaws the use of cookies unless active opt-in permission has been given. It is not sufficient to tell people that cookies are being used and to explain their use.
For a start, the Directive is totally unnecessary. It specifically outlaws most cookies in order to protect privacy. But as the UK Goverment’s own website DirectGov states “cookies aren’t used to identify you personally” (http://www.direct.gov.uk/en/SiteInformation/Cookies/DG_WP201870). And this is true on most sites. Without a registration or log in feature, it is impossible for cookies to identify anyone as an individual.
In addition, the Directive wouldn’t protect everyone’s privacy IF cookies really did threaten privacy. Why is this? Because the Directive states that the only person who needs to give permission to accept cookies is the person who pays the bill for accessing the internet. In other words I can give my permission but my wife and children can’t. Why is their privacy somehow less important than mine?
Thirdly, this Directive is bad for business. It makes it more difficult for organisations to provide customised information (including adverts) based on their visitors’ previous behaviour. This is bad for advertising, bad for retail, bad for media owners. (If you don’t care about advertisers, then you will need to be prepared to pay for all that news and entertainment you consume for free online.) In fact any website that is using cookies to track visitor is now supposed to ask for permission to do this.
Fourthly, it’s bad for consumers who will in theory have to make a decision about whether or not to accept cookies every time they visit a new website (and every time they use a new computer, a new browser or wipe their cookies – even if they have given permission).
Common sense might suggest that users who are not worried by cookies could give permission in their browser settings. And, all credit to the EU law makers, this option does seem to be written into the Directive. Cue the Article 29 Working Party who in effect say that consumers can’t be trusted to understand the effect of giving permission via heir browser.
All in all this is a bad law that does no one any good (except perhaps those residents of Tunbridge Wells who fulminate against the use of behavioural targeting). And perhaps because it is a bad law many British Government websites are ignoring it. Perhaps the time for British business to take this Directive seriously is when British Government sites implement their own rules.
- Jeremy Swinfen Green, Managing Director