Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

This solution has some international backing. Last year, the U.S. Federal Trade Commission said it supported the idea of “do not track” services that make it easier for Web users to stay private, which led to the efforts from Google and Mozilla.  And while consumers may not understand the technical details, they seem to support the idea of greater control: a 2009 study by the University of Pennsylvania and the Berkeley Center for Law and Technology found that 66 percent of U.S. adults did not want their private online information tracked.

But some within the European Internet industry are far from pleased. “This is the sort of crap that makes me want to move my business to the U.S.,” says Nick Halstead, chief executive of the U.K.-based Internet company Mediasift. Halstead has been one of the directive’s most vocal critics. “The U.K. tech Web industry will suffer massively if this goes through,” he says.

The question of implementation has yet to be tackled, however. European directives are not laws in and of themselves. They’re merely recommendations intended to harmonize national laws across the continent. They specify an “end state”—but how that state is achieved in law is up to each of the 27 national governments. Signs so far are that these national laws won’t be in place this year, and even when they are, the laws are likely to be sympathetic to the needs of online businesses in those countries.

In a consultation paper by the British government, for example, E.U. officials suggested that “it is important that this provision is not implemented in a way which would damage the experience of U.K. Web users or place a burden on U.K. or E.U. companies that use the Web.”

European politicians will be particularly keen not to encourage unscrupulous actors to simply find new ways to circumvent the law. With its Panopticlick project, the Electronic Frontier Foundation, a digital rights advocacy group, has already shown that a great deal of personally identifying data can be collected without cookies. Meanwhile, systems that mimic the tracking cookie without actually using the same process have also been demonstrated, such as so-called “evercookies,” written in JavaScript, or via code hidden inside Flash files. 

But Lee of Field Fisher Waterhouse points out that these methods would also be subject to the European rules. “The directive isn’t just about cookies; it’s about keeping any sort of tracking data. I don’t think industry can operate on the assumption that they have a right to own users’ data.”

Whatever solution does arrive, regulators will need to make sure that asking for consent doesn’t hamper the experience of using the Web—or cost companies so much that they try alternative techniques instead.

“There is a cost to regulatory compliance,” says Arvind Narayanan , a postdoctoral researcher at Stanford University who researches online privacy. “The smaller the number of entities affected by a law or regulation, the more likely it is that companies will fall in line—and the less the negative impact on innovation.”

0 comments about this story. Start the discussion »

Tagged: Web, websites, browser history, cookies

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me