Skip to Content

Why the Web Became Illegal in Europe Yesterday

Can the Web as we know it survive without installing tracking files on your computer?

At midnight last Wednesday most websites based inside the European Union became illegal.

From that moment, using a website based in the EU was supposed to be much less creepy. The law requires sites based in any nation of the political and economic club to ask people’s permission before installing a “cookie” onto their computers that can identify when they return to a site, or even track their movements across the Web.

As Bloomberg explained earlier this week, the goals of the legislation are worthy:

“The EU is cracking down on companies invading Web users’ privacy, by promising people more control over their data and harsher sanctions, including criminal penalties, against violations.”

Yet cookies come in many shapes and sizes and are ubiquitous online. Sites that offer shopping or carry advertising use it particularly heavily, to track products a person looked at or data that helps targets ads. As a result, the EU law has the Web’s biggest companies worried, reported the FT:

“[C]ompanies such as Facebook and Google are particularly concerned that the new laws could put their businesses in jeopardy, and advertisers are worried that the market for highly targeted Internet advertising–worth nearly £100m a year in the UK alone– could be damaged.”

Despite the passing of this week’s deadline, those companies likely won’t face prosecution for foisting cookies on unsuspecting users yet. All EU nations were supposed to have implemented the law by midnight Wednesday, but as the Register reported, hardly any have done so:

“At the end of yesterday, only Estonia and Denmark had notified the Commission, with officials in those states confirming that they had transposed all of the EC measures on internet cookies into their national law.”

That leaves 25 nations that have not, and website operators in a tailspin of uncertainty about whether or how they should change their cookie-pushing behavior. Some countries, such as the U.K., have stated they will delay implementing the new law and wish to cause minimum disruption to the Web as we know it. But the underlying EU law cannot now be turned back.

Its rules do allow cookies “strictly necessary for a service requested by a user” to be foisted on people without their knowledge. That would seem to cover the cookies that help online stores track the contents of your shopping baskets. But what about the targeted ads that support the existence of websites of all kinds?

One blogger created a joking-but-serious preview of what requests for cookie installs might look like, hitting visitors with popups with warnings such as:

“Posts on this site sometimes carry videos from third party sites such as YouTube, which use cookies to record your interest in LOLCATS and people skiing into trees. Don’t you not agree to us not storing this information?”

A less shrill attempt to obey the new rules can be seen on this U.K. government website, but the warning is still intrusive and confusing. One alternative is for the cookie negotiation process to be handled by browsers to offer users a smoother experience, reported the BBC, saying the U.K. government had turned to browser makers for help.

One option would be to fold the EU rules into the “do not track” features being developed for every major browser, which certain kinds of cookie. Unfortunately, technology that can track people online without using cookies is already being created and may leave both the EU’s law and “do not track” toothless.

Keep Reading

Most Popular

The inside story of how ChatGPT was built from the people who made it

Exclusive conversations that take us behind the scenes of a cultural phenomenon.

How Rust went from a side project to the world’s most-loved programming language

For decades, coders wrote critical systems in C and C++. Now they turn to Rust.

ChatGPT is about to revolutionize the economy. We need to decide what that looks like.

New large language models will transform many jobs. Whether they will lead to widespread prosperity or not is up to us.

Design thinking was supposed to fix the world. Where did it go wrong?

An approach that promised to democratize design may have done the opposite.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.