Cookies have long been an integral part of the Web. But in Europe, at least, the future of cookies has been thrown into doubt thanks to an impending piece of legislation that will seek to regulate their use.
Web cookies are small strings of data containing information like your login credentials or the contents of your shopping cart. Websites upload this data to your browser. Cookies are also the core component behind advertising systems that use behavioral targeting—a method to provide more personalized, and therefore more profitable, ads. Visit a travel website, for example, and a tracking cookie planted by an advertising network will register your interest in a trip overseas. Later, when visiting other websites that are part of the same ad network, the information in that cookie will be used to serve you advertisements for vacations.
The directive actually applies to only one specific type of cookie: those used by advertising systems to record the sites you visit. But millions of sites use such methods—since the more targeted the ad, the more likely you are to click, and the more you click, the greater their income. The approach increasingly underpins the Web economy, but European officials are concerned that the rapid increase in advertising networks has not been matched by an increase in the information given to users about how they are tracked online. Websites such as SelectOut reveal how many services are tracking you.
European companies won’t be the only ones that will have to comply, either: businesses headquartered in the U.S. but with European offices will also be subject to the rules. Potentially, so will any company that interacts with customers inside the E.U.—at least under one very broad interpretation of the guidance.
But precisely how users will be asked to give consent is still up for grabs. While some envision the nightmare scenario—an endless stream of pop-up boxes asking for a user’s permission to store the most miniscule piece of information—experts suggest that there may be a wide number of ways to reduce the pain for users. “Clearly, if you direct someone to a landing page asking for their permission every time, it will not work—everyone is looking for the least intrusive method possible,” says Phil Lee, a senior associate specializing in Internet privacy issues at the London-based law firm Field Fisher Waterhouse.
In fact, some national governments are examining whether better in-browser tools may circumvent the need for individual sites to ask permission altogether. This approach chimes with moves already being made in the browser industry; Google and Mozilla have taken some steps to let users opt out of certain tracking systems in Chrome and Firefox, and have indicated that they may be willing to go even further.
“The Web is evolving quickly in how information about people is collected, used, and shared online,” wrote Mozilla’s global privacy leader, Alex Fowler, last month. “We believe it’s crucial to put people in control of their personal Web interactions and experiences.”