Feeds

EU agency calls for clear consent on indelible and zombie cookies

Don't just go shoving them down people's throats

Boost IT visibility and business value

New, more persistent cookies pose an increasing risk to the privacy of consumers online, according to an EU security agency report released on Friday.

The advertising industry is pushing the adoption of new, more "persistent and powerful cookies" which profile users, often without users' awareness about what's happening.

Surfers should only be offered these cookies under a system of informed consent, according to ENISA (the European Network and Information Security Agency), which is calling on the industry to explain what it is doing and make it easier to delete unwanted advertising cookies.

Cookies were initially used to manage browser-server interaction but this role has been expanded over time to include advertising management, profiling and tracking. Most of the developments were driven by the advertising industry.

The new cookies support persistent user-identification. How this technology is being applied is less than clear, especially to users, so it is therefore hard to quantify privacy and security implications that arise from their use.

ENISA wants the industry to move towards informed consent so that, for example, the utility and the data stored in cookies is clear to users.

Surfers should be given the ability to either manage or remove cookies as they see fit, it says. The EU security agency also wants cookies to be stored within browser control, a reference to Flash-type so-called zombie cookies that stay on a system even if a user clears their browser history and cache.

Finally, surfers should be given secondary mechanisms to access web services if they choose not to accept cookies from a website, it says.

Professor Udo Helmbrecht, executive director of ENISA, said: ”Much work is needed to make these next-generation cookies as transparent and user-controlled as regular HTTP cookies, so as to safeguard the privacy and security aspects of consumers and business alike.”

The EU has put forward a directive that partly covers the use of cookies (Directive 2009/136/EC) and set a timetable for this to be incorporated into the national law of member states by 25 May. The rules emphasise the need for clear consent from a user, underpinned by clear up-front explanations, before cookies are installed on a user's machine. ®

Boost IT visibility and business value

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
Intel's Raspberry Pi rival Galileo can now run Windows
Behold the Internet of Things. Wintel Things
Linux Foundation says many Linux admins and engineers are certifiable
Floats exam program to help IT employers lock up talent
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.