European Union Caught With Its Hand In The Cookie Jar

    May 29, 2012

Don’t you just hate cookies? Not the delicious sweets, but the kind that follow you around on the Web tracking your behavior. It seems that the European Union hates them too hence why the “Cookie Law” went into effect this week. The law requires any Web site targeting citizens in EU nation-states to ask for permission before installing cookies.

From that description alone, it sounds like a pretty good law. It’s on par with our own proposed legislation to install “Do Not Track” buttons on Web browsers that serve American citizens. Unfortunately, the word of the law and the implementation of said law are vastly different. The good news is that the cookie law does work as advertised. The bad news is that the EU thinks that it’s above the law.

ZDNet has found that Web sites run by the EU like the European Parliament and the European Commission are still installing cookies without asking for permission. It’s kind of hypocritical to impose a law and not follow it yourself, but there might be a loophole that the EU could exploit. The cookie law only applies to member states. It might be a frivolous distinction, but there is a difference between EU member states and EU institutions at large. Those installing cookies fall into the latter.

ZDNet argues, however, that a loophole might not work this time around. They spoke to Stewart Room, data protection expert, and he says that the EU is bound by the 2001 Data Protection Regulation. One could argue that the use of cookies could be tantamount to processing personal data which would put the EU in direct conflict of its own laws.

As mentioned previously, this smacks of the current debate over the “Do Not Track” button in the U.S. The idea is to give consumers an option to disable online tracking, which is often accomplished through cookies. We discussed in length on how such an option is good at face value, but does little to actually protect privacy.

It remains to be seen if general Web sites within the EU will comply with the law or just work around it. If the government’s approach is any indication, it seems that the EU will have a bill with a pretty face that does little to protect the privacy that it claims to hold dear.

For its part, an EU spokesperson seems to be ignorant to the governing body’s own sites still installing cookies without permission. The spokesperson offered to hear any proof that found the EU “not being transparent about cookies.” It’s a start, but we’ll have to see what the future holds. The law did just go into effect yesterday. We’ll keep you updated on both the cookie law and the “Do Not Track” button.