Cookies, Privacy and new EU law
Posted by Julian Ranger
The BBC today highlights the ‘new’ European law on privacy, specifically tracking technologies (e.g. cookies) used to track web browsing. The article’s title is “Governments ‘not ready’ for new European privacy law”. The premise seems to be that the solutions are either to ask the user to allow each and every cookie, to accept them all, or to implement a total “do not track” ban.
To me these are very black or white solutions that don’t allow for legitimate and wanted behaviours. There are many useful functions provided by cookies as well as unwanted, more sneaky behaviours. Simple useful functions include, for example, automating repeated log-ins to sites, the ability to offer tailored adverts (liked by some, not by others) and many others.
I would suggest that a more useful distinction is defining categories of cookies/tracking items and asking users to approve or not the categories, rather than an all or nothing approach. So I might accept cookies which help automate my log-on to sites, but not those which give me targeted advertising. I could also then review cookies by category if browsers were so enabled. This would require a system change so that cookies/tracking systems declared what they were, but it would be more useful I believe. (Of course, the nefarious can get around any system and could under this plan simply incorrectly tag their cookie; however, they have plenty of ways round any system anyway and a blacklist could be developed which browsers look for.)
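The category scheme proposed above, sketched as an added example (not code from the original post): it assumes a hypothetical `Category` cookie attribute, which no browser or standard defines, along with made-up category names, hosts and a blacklist keyed by host and cookie name. Rejecting undeclared cookies by default is also an assumption.

```javascript
// Hypothetical scheme: each cookie declares its purpose in a "Category"
// attribute. No browser implements this attribute; it is assumed here.
const KNOWN_CATEGORIES = new Set(["login", "preferences", "analytics", "advertising"]);
// Parse one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: malformed
  const attrs = {};
  for (const part of attrParts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Decide whether to store a cookie set by `host`. prefs: Set of categories the
// user approved; blacklist: Set of "host|name" cookies known to be mis-tagged.
function decide(header, host, prefs, blacklist) {
  const cookie = parseSetCookie(header);
  if (!cookie) return { action: "reject", reason: "malformed" };
  const category = String(cookie.attrs.category || "").toLowerCase();
  // The blacklist wins even when the declared category is one the user allows.
  if (blacklist.has(`${host}|${cookie.name}`)) return { action: "reject", reason: "blacklisted", category };
  if (!KNOWN_CATEGORIES.has(category)) return { action: "reject", reason: "undeclared" };
  return prefs.has(category)
    ? { action: "accept", reason: "category approved", category }
    : { action: "reject", reason: "category not approved", category };
}

// Group decisions by declared category so the user can review them.
function reviewByCategory(responses, prefs, blacklist) {
  const report = {};
  for (const { host, header } of responses) {
    const d = decide(header, host, prefs, blacklist);
    const key = d.category || "undeclared";
    (report[key] = report[key] || []).push({ host, action: d.action, reason: d.reason });
  }
  return report;
}

// Constructed sample input (not captured traffic).
const SAMPLE = [
  { host: "shop.example", header: "sid=abc123; Path=/; Secure; Category=login" },
  { host: "ads.example", header: "uid=777; Category=advertising" },
  { host: "tracker.example", header: "t=1; Category=login" },
  { host: "old.example", header: "legacy=1; Path=/" },
];
```

With only `login` approved and `tracker.example|t` on the blacklist, the mis-tagged tracker cookie is rejected even though it claims an approved category.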
This is very analogous to the levels of privacy and privacy principles I proposed last year in my guest post on TechCrunch and follow-up articles on privacy in this blog. The key is that a user should be aware of what they are signing up for with regard to privacy (or lack of) by using simple, common terminology and principles. Different rules for different privacy aspects of browsing and using websites will only serve to confuse the consumer and no one will benefit.