The recent European Commission cookie law guidelines not only reignited controversy about privacy compliance in Europe and prompted furious debates in the trade press, quality press and tabloids, but also ignited considerable international interest.
This article concentrates on examining the stances which have been taken, their validity and, more importantly, what an enterprise needs to be doing as it turns from merely talking shop to setting and implementing concrete policies on privacy.
What tended to be ignored in the early days of the European Commission's proposals was that the cookies rule was just a small part of a law aimed at safeguarding privacy online and an attempt to protect Internet users from an increasingly aggressive, intrusive and pervasive corporate marketing machine. These are real concerns which have been growing for a number of years and which the European Commission sought to address in its rulings.
It is ironic that the European Commission takes considerable flak for ‘creating’ initiatives when usually it is responding to pressure from below. It was the relative failure of the European Commission's 2003 directive that led to the cookie law.
As international competition begins to heat up and the rapidly emerging markets of India, China and Brazil force companies into become more aggressive in their search for international markets, organisations providing content and obtaining information about users are utilising even more sophisticated and invasive techniques which many people are becoming alarmed about.
The ultimate aim is to protect user privacy to ensure that consent is given for all Internet marketing and a tidal wave of spam is averted. This is a laudable aim and one which should be supported. It should also be pointed out that these are merely a set of proposals—albeit a fairly comprehensive set—of reforms to the EU's 1995 data protection rules to “…strengthen online privacy rights and boost Europe's digital economy,” according to the EU's web site.
The site adds, “Technological progress and globalisation have profoundly changed the way our data is collected, accessed and used. In addition, the 27 EU Member States have implemented the 1995 rules differently, resulting in divergences in enforcement. A single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year. The initiative will help reinforce consumer confidence in online services, providing a much needed boost to growth, jobs and innovation in Europe.”
EU Justice Commissioner Viviane Reding, the Commission’s Vice President, said, "Seventeen years ago, less than 1% of Europeans used the Internet. Today, vast amounts of personal data are transferred and exchanged, across continents and around the globe in fractions of seconds. The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data."
"My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information. The reform will accomplish this while making life easier and less costly for businesses. A strong, clear and uniform legal framework at EU level will help to unleash the potential of the Digital Single Market and foster economic growth, innovation and job creation," she added.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.