Monday, 15 November 2010

Euro-Commissioner on cookies and new Art.5(3) of 2002/58/EC

See her speech here - on the issue of how cookies can be made compatible with European privacy law via co-regulation:

But it will need to be one clearly based on the applicable EU legislation. Such a solution can go a long way towards facilitating compliance and avoiding divergence among the Member States. To get to such a solution, the self-regulatory framework would – in my view - have to include at least the following four elements.
  1. effective transparency. This means that users should be provided with clear notice about any targeting activity that is taking place.
  2. consent, i.e. an appropriate form of affirmation on the part of the user that he or she accepts to be subject to targeting.
  3. user-friendly solution, possibly based on browser (or another application) settings. Obviously we want to avoid solutions which would have a negative impact on the user experience. On that basis it would be prudent to avoid options such as recurring pop-up windows. On the other hand, it will not be sufficient to bury the necessary information deep in a website’s privacy policies. We need to find a middle way. On a related note, I would expect from you a clear condemnation of illegal practices which are unfortunately still taking place, such as ‘re-spawning’ of standard HTTP cookies against the explicit wishes of users.
  4. effective enforcement. It is essential that any self-regulation system includes clear and simple complaint handling, reliable third-party compliance auditing and effective sanctioning mechanisms. If there is no way to detect breaches and enforce sanctions against those who break the rules, then self-regulation will not only be a fiction, it will be a failure. Besides, a system of reliable third party compliance auditing should be in place.
