This document discusses cookies and the implementation of the EU directive on online behavioral advertising. It makes three key points:
1) Implementing opt-out instead of opt-in, as cookies have benefits for users and are not harmful if managed properly through browser settings.
2) More guidance is needed for national governments on implementation as the current document does not provide enough support on business arguments or the role of browsers.
3) Self-regulation through industry efforts like youronlinechoices.com can help explain cookies, demystify them, and take responsibility to address the challenges of implementation.
6. Business
Justice Science
EU Nat. Gov’ts
Parliament
Commission Nat. Parliaments
DPA IAB
Consumers
Int.
Nat.
WP29
Nat. IABs
7. EU-dir ective 2002/ 58
The wording of the final draft of Article 5(3) provides that:
“Member States shall ensure that the storing of information, or the
gaining of access to information already stored, in the terminal
equipment of a subscriber or user is only allowed on condition that
the subscriber or user concerned has given his or her consent,
having been provided with clear and comprehensive information, in
accordance with Directive 95/46/EC, inter alia, about the purposes
of the processing. This shall not prevent any technical storage or
access for the sole purpose of carrying out the transmission of a
communication over an electronic communications network, or as
strictly necessary in order for the provider of an information society
service explicitly requested by the subscriber or user to provide the
service.”
8. But how to implement?
Opt-out via browser-settings?
Opt-in?
9. Press Release
Communiqué de presse
Mitteilung für die Presse
Brussels, 24 June 2010
ARTICLE 29 DATA PROTECTION WORKING PARTY
Opt-out is not sufficient
European Data Protection Authorities clarify EU rules on
online behavioural advertising
The European Data Protection Authorities (the Article 29 Data
Protection Working Party) today published an Opinion clarifying
how EU rules apply to online behavioural advertising.
(http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2010
/wp171_en.pdf)
10. COCOM Working Document COCOM10-34
25.10.2010
Problem: no real guidance
The document does not provide any real support to the national governments on how to
implement the law
- misses out on business arguments: it does not frame the debate from a business point, i.e.
the potential damage of a wrongful implementation to Europe’s digital uptake;
- misses the role of browser
13. Key Points and Arguments:
Cookies have a bad reputation and it will be important to
emphasise the positive aspects of cookies. Cookies are the most
user-friendly way of storing information:
- cookies are harmless, they cannot be used for malicious actions
(e.g. install malware or viruses);
- they are stored locally on a user PC, not centrally at a company
level;
- therefore cookies can be easily deleted by the user;
- they can be easily managed by the user to a high degree through
the browser settings (and other settings manager tools for LSOs /
„flash cookies‟);
14. IAB Europe
Consumers driving the digital uptake
September 2010
Study by McKinsey for IAB:
Value of free services: 40€ per household...