But it will need to be one clearly based on the applicable EU legislation. Such a solution can go a long way towards facilitating compliance and avoiding divergence among the Member States. To get to such a solution, the self-regulatory framework would – in my view - have to include at least the following four elements.
- weffective transparency. This means that users should be provided with clear notice about any targeting activity that is taking place.
- consent, i.e. an appropriate form of affirmation on the part of the user that he or she accepts to be subject to targeting.
- user-friendly solution, possibly based on browser (or another application) settings. Obviously we want to avoid solutions which would have a negative impact on the user experience. On that basis it would be prudent to avoid options such as recurring pop-up windows. On the other hand, it will not be sufficient to bury the necessary information deep in a website’s privacy policies. We need to find a middle way. On a related note, I would expect from you a clear condemnation of illegal practices which are unfortunately still taking place, such as ‘re-spawning’ of standard HTTP cookies against the explicit wishes of users.
- effective enforcement. It is essential that any self-regulation system includes clear and simple complaint handling, reliable third-party compliance auditing and effective sanctioning mechanisms. If there is no way to detect breaches and enforce sanctions against those who break the rules, then self-regulation will not only be a fiction, it will be a failure. Besides, a system of reliable third party compliance auditing should be in place.