Technology, Media & Telecommunications (TMT)

European Watchdog calls for stricter regulation on ‘Cookies’

12 Jan 2012

4 min read

The European online privacy watchdog known as the ‘Article 29 Working Party’ has called for stricter regulation on the practice of using ‘cookies’ for online advertising. A cookie is a tracking program uploaded to a computer by advertising companies in order to monitor the activities of an internet user. This, in turn, allows the advertising company to forward advertisements to the user tailored to their personal interests. This is a technique which has been used by online advertisers for a long time. It has, however, raised issues over whether the uploading of cookies to a user’s terminal under their nose can be considered as legal and respectful of their right to privacy and data protection.

As matters stand, cookies are slipped into a user’s terminal when they log into a website via a browser. As such, the advertising industry has set up a website,, explaining the concept of behavioural advertising to customers and allowing consumers to opt-out of receiving any cookies from specific companies. This however goes in stark contrast to the existing rules in the most recent amendments to the E-privacy Directive (2009/136/EC) which state that even though cookies are allowed, an element of prior consent, via an opt-in, is still required. In practice this would imply, according to the watchdog, that whenever a user browses a website which would upload a cookie, they should be prompted as to whether they wish to receive it or not.

Kimon Zorbas on behalf of the ‘Interactive Advertising Bureau’ says this would be problematic. Zorbas stated “If we ask for consent each time, internet navigation will become a very user-unfriendly experience”.

In more practical terms, this issue has raised a lot of discussion as to the interpretation of the Directive. Countries like Germany had little trouble with this as their laws were already strict enough to cater for the situation as dictated by the Ddirective. The Netherlands, in particular, have opted to elevate cookies to the level of personal information in their own domestic law even though this is not specifically stated in the Directive. On the other hand, up until the transposition deadline of May 2011, half of the Member States of the EU had not even transposed the Directive yet. This number may have decreased though not by much.

In view of this, the EU Commissioner Neelie Kroes has called for a stakeholder’s meeting on the 18th January 2012. Though some speculate that Kroes might not buckle under the watchdog’s pressure, it is also speculated that the watchdog may find ulterior support through Viviane Reding, the EU Commissioner in charge of Fundamental Rights. The latter speculation is based on the fact that as matters stand, Reding already plans to push for big changes to EU data protection laws which have remained the same since 1995. Reding intends to bring about changes which allow for a consumer to remain more informed of their situation just as she did with the telephone roaming regulation last year.

Nonetheless, some experts feel that although just and practical, asking for consent for every small thing the consumer comes across may cause the consumer to start accepting things without reading the terms of the offers. This extreme would hardly be desirable. With the situation being what it is, until a judgment is handed down or preliminary reference is given by the ECJ, the policy on this issue may remain open to interpretation. As matters stand, there is only a good deal of lobbying being done about this issue with little concrete law or procedure having been decided upon. This has left Europe holding its breath, waiting to find out what will happen next in regards to this issue.

For more information on Malta Data Protection Law and privacy, kindly contact GVZH Advocates on