Tracking Cookies To Require Explicit Consent?
The Article 29 Working Party (WP29) – an EU advisory body made up of the different national data protection regulators, has published an important new opinion this week on the definition of personal data – which could just reaslise the worst fears of the online advertising world.
New data protection laws are making progress through the EU machinery at the moment, with the intent that they would become law in 2014. If enacted these laws will require explicit consent from users for the collection and processing of personal data – and place a new burden of proof of data controllers to demonstrate that such consent has been given.
As I wrote some weeks ago – the definition of what constitutes personal data under the new regulations, would be crucial in determining the practical impact of the new laws for website owners and the digital economy in general.
In the published opinion WP29 proposes that a data subject be someone who “can be identified, directly or indirectly, or singled out and treated differently”
The definition is then clarified:
“When using online services, individuals may be associated with online identifiers provided by their devices, applications, tools and protocols, such as Internet Protocol addresses or cookie identifiers. This may leave traces which, combined with unique identifiers and other information received by the servers, may be used to create profiles of the individuals and identify or single them out. It follows that identification numbers, location data, online identifiers or other specific factors as such should as a rule be considered personal data.”
This latest WP29 opinion makes it clear that they believe that any cookies that enable the collection of data which will influence what content consumers might see, such as the type of adverts, should require explicit consent before they can be used.
Clearly this is something the advertising industry has and continues to fight against. However, given the most recently voiced opinion from EU Commissioner Neelie Kroes her frustrations concerning the Do Not Track standard, it would appear that the EU may be ready to ignore the pleas of the online advertising lobby – which could have far reaching effects on the direction of the digital economy in Europe.
This is something we all need to be paying attention to.
January 13, 2017
Future of EU Cookie Compliance Webinar: ...
GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...View Article →
December 14, 2016
Draft EU ePrivacy Regulation Leaked...
A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...View Article →
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...
Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...View Article →