Skip to Content

Why the Web Became Illegal in Europe Yesterday

Can the Web as we know it survive without installing tracking files on your computer?

At midnight last Wednesday most websites based inside the European Union became illegal.

From that moment, using a website based in the EU was supposed to be much less creepy. The law requires sites based in any nation of the political and economic club to ask people’s permission before installing a “cookie” onto their computers that can identify when they return to a site, or even track their movements across the Web.

As Bloomberg explained earlier this week, the goals of the legislation are worthy:

“The EU is cracking down on companies invading Web users’ privacy, by promising people more control over their data and harsher sanctions, including criminal penalties, against violations.”

Yet cookies come in many shapes and sizes and are ubiquitous online. Sites that offer shopping or carry advertising use it particularly heavily, to track products a person looked at or data that helps targets ads. As a result, the EU law has the Web’s biggest companies worried, reported the FT:

“[C]ompanies such as Facebook and Google are particularly concerned that the new laws could put their businesses in jeopardy, and advertisers are worried that the market for highly targeted Internet advertising–worth nearly £100m a year in the UK alone– could be damaged.”

Despite the passing of this week’s deadline, those companies likely won’t face prosecution for foisting cookies on unsuspecting users yet. All EU nations were supposed to have implemented the law by midnight Wednesday, but as the Register reported, hardly any have done so:

“At the end of yesterday, only Estonia and Denmark had notified the Commission, with officials in those states confirming that they had transposed all of the EC measures on internet cookies into their national law.”

That leaves 25 nations that have not, and website operators in a tailspin of uncertainty about whether or how they should change their cookie-pushing behavior. Some countries, such as the U.K., have stated they will delay implementing the new law and wish to cause minimum disruption to the Web as we know it. But the underlying EU law cannot now be turned back.

Its rules do allow cookies “strictly necessary for a service requested by a user” to be foisted on people without their knowledge. That would seem to cover the cookies that help online stores track the contents of your shopping baskets. But what about the targeted ads that support the existence of websites of all kinds?

One blogger created a joking-but-serious preview of what requests for cookie installs might look like, hitting visitors with popups with warnings such as:

“Posts on this site sometimes carry videos from third party sites such as YouTube, which use cookies to record your interest in LOLCATS and people skiing into trees. Don’t you not agree to us not storing this information?”

A less shrill attempt to obey the new rules can be seen on this U.K. government website, but the warning is still intrusive and confusing. One alternative is for the cookie negotiation process to be handled by browsers to offer users a smoother experience, reported the BBC, saying the U.K. government had turned to browser makers for help.

One option would be to fold the EU rules into the “do not track” features being developed for every major browser, which certain kinds of cookie. Unfortunately, technology that can track people online without using cookies is already being created and may leave both the EU’s law and “do not track” toothless.

Keep Reading

Most Popular

DeepMind’s cofounder: Generative AI is just a phase. What’s next is interactive AI.

“This is a profound moment in the history of technology,” says Mustafa Suleyman.

What to know about this autumn’s covid vaccines

New variants will pose a challenge, but early signs suggest the shots will still boost antibody responses.

Human-plus-AI solutions mitigate security threats

With the right human oversight, emerging technologies like artificial intelligence can help keep business and customer data secure

Next slide, please: A brief history of the corporate presentation

From million-dollar slide shows to Steve Jobs’s introduction of the iPhone, a bit of show business never hurt plain old business.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.