Feeds

EU: Time running out for web companies on 'do not track' system

Steely Neelie: Agree on it by June, or I'll force one on you

Combat fraud and increase customer satisfaction

Internet companies have been urged to establish a final standardised system that will allow users to control their privacy settings across websites.

Neelie Kroes, EU Commissioner responsible for the Digital Agenda, reiterated her demand that the technology be agreed upon by June in a speech at a meeting of the World Wide Web Consortium (W3C), according to a report by ZDNet.

Last summer Kroes warned internet companies that she would "not hesitate to employ all available means to ensure our citizens' right to privacy" if a standardised system for indicating user consent to their online activity being tracked was not agreed by June 2012.

"Do-not-track today is still an aspiration rather than a reality," Kroes said, according to the ZDNet report. "And that is why I have called for agreement on a do-not-track standard by June of this year. I am happy that work on this is proceeding in the World Wide Web Consortium. But we need to act fast to turn do-not-track into a reality for all web users".

Websites and third parties, such as advertisers, often like to record users' online interaction in order to serve personalised content, such as adverts, based on that recorded information. Websites can use a number of methods to collect user-specific data, including through the use of cookies. Operators sometimes pass on information stored in cookies to advertisers in order that they can serve behavioural adverts based on users' activity and apparent interests.

However, EU privacy rules that came into force last May state that storing and accessing information on users' computers is only lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing". Consent must be unambiguous and be explicitly given.

Confusion has reigned over what practical measures can be used to obtain lawful consent to cookie tracking, although the Information Commissioner's Office in the UK has issued guidance on what it considers acceptable methods for achieving consent. The UK Government has also said that it has been working with browser manufacturers to find a system for obtaining user consent to cookies.

In November, W3C announced draft plans outlining how publishers must treat users who demand that their online activity not be tracked. Standards are agreed technical specifications to ensure that a single technology is used across an industry, often with the goal of achieving interoperability of products regardless of the manufacturer. W3C is responsible for making sure components of the world wide web work together.

Under the draft 'do not track' (DNT) plans unveiled by W3C, restrictions could be placed on publishers over their use of data to decide what content or adverts to show to users. Other plans in the draft suggested site operators would not be able to use previously-gathered information about visitors if, on subsequent visits, they are using a browser with DNT settings activated.

Neelie Kroes previously said that the new DNT standard must allow users to tell websites not to track their online behaviour and know exactly what the companies mean when they are told their activity is not recorded. In her speech on Tuesday she reiterated that requirement.

"When providers receive do-not-track signals from their users, how they need to respond may be different depending on whether the user is in Europe, the US or wherever," Kroes said, according to the ZDNet report. "So the system will need to adapt flexibly, depending on the jurisdiction in question".

Kroes' support for the US-driven DNT system was called into question by the EU's dedicated privacy watchdog last year. Peter Hustinx, the European Data Protection Supervisor, said Kroes was giving out inconsistent advice to website owners on how they should obtain users' consent to cookies. He said that the DNT system "although valuable" seemed to "fall short of the" of the requirements for obtaining lawful consent set out in the EU's Privacy and Electronic Communications Directive.

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Top three mobile application threats

More from The Register

next story
EU: Let's cost financial traders $400m a day, because EVIL BANKERS. Right?
Wait 'til this one hits your pension fund where it hurts
Systems meltdown plunges US immigration courts into pen-and-paper stone age
Massive outage could last four weeks, sources claim
RIP net neutrality? FCC boss mulls 'two-speed internet'
Financial fast track to replace level competitive playing field, report claims
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
UK.gov chucks £28m at F1 tech for buses and diggers plan
Well, not really F1 but who's heard of LMP and VLN*?
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.