Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Cookies have long been an integral part of the Web. But in Europe, at least, the future of cookies has been thrown into doubt thanks to an impending piece of legislation that will seek to regulate their use. 

Web cookies are small strings of data containing information like your login credentials or the contents of your shopping cart. Websites upload this data to your browser. Cookies are also the core component behind advertising systems that use behavioral targeting—a method to provide more personalized, and therefore more profitable, ads. Visit a travel website, for example, and a tracking cookie planted by an advertising network will register your interest in a trip overseas. Later, when visiting other websites that are part of the same ad network, the information in that cookie will be used to serve you advertisements for vacations.

On May 25, a new European Union directive on the use of cookies will come into force. The directive (actually an amendment to the Privacy and Electronic Communications Directive of 2002) asks European Union member states to come up with legislation that ensures that Web users give their consent for websites to use cookies that store their private information.

The directive actually applies to only one specific type of cookie: those used by advertising systems to record the sites you visit. But millions of sites use such methods—since the more targeted the ad, the more likely you are to click, and the more you click, the greater their income. The approach increasingly underpins the Web economy, but European officials are concerned that the rapid increase in advertising networks has not been matched by an increase in the information given to users about how they are tracked online. Websites such as SelectOut reveal how many services are tracking you.

European companies won’t be the only ones that will have to comply, either: businesses headquartered in the U.S. but with European offices will also be subject to the rules. Potentially, so will any company that interacts with customers inside the E.U.—at least under one very broad interpretation of the guidance.

But precisely how users will be asked to give consent is still up for grabs. While some envision the nightmare scenario—an endless stream of pop-up boxes asking for a user’s permission to store the most miniscule piece of information—experts suggest that there may be a wide number of ways to reduce the pain for users. “Clearly, if you direct someone to a landing page asking for their permission every time, it will not work—everyone is looking for the least intrusive method possible,” says Phil Lee, a senior associate specializing in Internet privacy issues at the London-based law firm Field Fisher Waterhouse.

Some sites may believe they can hide information about their tracking services deep in the small print on a website, enabling them to argue that failing to refuse consent is the same as granting it. However, Lee says, this is often the current method of disclosure—and something the directive is explicitly designed to change. “Simply burying stuff in the terms and conditions or privacy policy will no longer be enough,” he says.

In fact, some national governments are examining whether better in-browser tools may circumvent the need for individual sites to ask permission altogether. This approach chimes with moves already being made in the browser industry; Google and Mozilla have taken some steps to let users opt out of certain tracking systems in Chrome and Firefox, and have indicated that they may be willing to go even further.

“The Web is evolving quickly in how information about people is collected, used, and shared online,” wrote Mozilla’s global privacy leader, Alex Fowler, last month. “We believe it’s crucial to put people in control of their personal Web interactions and experiences.”

0 comments about this story. Start the discussion »

Tagged: Web, websites, browser history, cookies

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me