It's unusual for the European Union -- which is normally a real stickler for individual privacy -- to be following the U.S. in a user privacy issue, but the European Commissioner for the Digital Agenda is calling for the E.U. to adopt "do not track" legislation similar to that the U.S. is working on.
Expansion to 'Do Not Track'
I think we should collectively pay more attention to the emerging "do-not-track" technologies -- or DNT for short...DNT is already deployed in some web browsers. And some web businesses say they honor it. But this is not enough. Citizens need to be sure what exactly companies commit to if they say they honor DNT. For example, there is an important difference between a commitment not to record tracks and a commitment not to use them for a specific purpose once recorded. When this is solved more users will deploy DNT -- and it will become simpler -- and companies will go along...How do we get there? We need a standard! We need to standardize how the DNT signal and the expected reaction should look. The standard must be rich enough for users to know exactly what compliant companies do with their information and for me to be able to say to industry: if you implement this, then I can assume you comply with your legal obligations under the ePrivacy Directive."
U.S. Leads the Way
The U.S. has made a number of attempts thus far to implement do-not-track legislation, though a bill has not yet been passed, and Kroes called for the E.U. to work with the U.S. on developing similar standards in the E.U.
Fortunately we do not start from scratch. Drafts for a DNT standard already exist. Therefore I am confident that a standardization initiative for DNT can progress quickly. I am committed to supporting such an initiative and I invite my colleagues in the EU and elsewhere to join me. The US in particular is a most important partner in this and I am grateful that the Federal Trade Commission, which has already shown an interest in DNT, is represented here today at Commissioner's level. Indeed, I had a chance to discuss this with Commissioner Brill just before my speech."
Kroes called for the industry to develop such a standard by June 2012, and for the online advertising industry to also take part.
Want a Cookie? Want a Cookie?
This is all happening against a backdrop of another E.U. privacy initiative that is receiving criticism. May 25 was the deadline for all E.U. member states to have plans in place to change their laws so that most kinds of online data collection -- including cookies -- become "opt-in" for consumers. However, only five countries have thus far done so.
The problem is that a single website can have literally dozens of cookies attached to it for various analytic purposes. The U.K., in fact, has given its companies a one-year amnesty in the hopes that browser manufacturers -- some of which have already included do-not-track features -- could implement the cookie opting-in feature. The U.K.'s Information Commission Christopher Graham recently told the Telegraph:
It would obviously ruin some users’ browsing experience if they needed to negotiate endless pop ups -- and I am not saying that businesses have to go down that road," Graham said. "Browser settings giving individuals more control over cookies will be an important contributor to a solution. But the necessary changes to the technology aren’t there yet."
"Even by European standards this is a completely daft law," attorney Danvers Baillieu told Chinwag. "I am yet to meet anyone who is in favor of it. The law was brought in to address concerns about behavioral advertising but manages to go completely overboard."
Moreover, in testing, users are generally unwilling to accept cookies, making it difficult to use them for analytics. When the Information Commissioner's Office implemented the new law with existing technology, over 90% of site visitors declined to accept a Google Analytics cookie, thereby disappearing from analytics, Chinwag reported.