Feeds

EU: Time running out for web companies on 'do not track' system

Steely Neelie: Agree on it by June, or I'll force one on you

Providing a secure and efficient Helpdesk

Internet companies have been urged to establish a final standardised system that will allow users to control their privacy settings across websites.

Neelie Kroes, EU Commissioner responsible for the Digital Agenda, reiterated her demand that the technology be agreed upon by June in a speech at a meeting of the World Wide Web Consortium (W3C), according to a report by ZDNet.

Last summer Kroes warned internet companies that she would "not hesitate to employ all available means to ensure our citizens' right to privacy" if a standardised system for indicating user consent to their online activity being tracked was not agreed by June 2012.

"Do-not-track today is still an aspiration rather than a reality," Kroes said, according to the ZDNet report. "And that is why I have called for agreement on a do-not-track standard by June of this year. I am happy that work on this is proceeding in the World Wide Web Consortium. But we need to act fast to turn do-not-track into a reality for all web users".

Websites and third parties, such as advertisers, often like to record users' online interaction in order to serve personalised content, such as adverts, based on that recorded information. Websites can use a number of methods to collect user-specific data, including through the use of cookies. Operators sometimes pass on information stored in cookies to advertisers in order that they can serve behavioural adverts based on users' activity and apparent interests.

However, EU privacy rules that came into force last May state that storing and accessing information on users' computers is only lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing". Consent must be unambiguous and be explicitly given.

Confusion has reigned over what practical measures can be used to obtain lawful consent to cookie tracking, although the Information Commissioner's Office in the UK has issued guidance on what it considers acceptable methods for achieving consent. The UK Government has also said that it has been working with browser manufacturers to find a system for obtaining user consent to cookies.

In November, W3C announced draft plans outlining how publishers must treat users who demand that their online activity not be tracked. Standards are agreed technical specifications to ensure that a single technology is used across an industry, often with the goal of achieving interoperability of products regardless of the manufacturer. W3C is responsible for making sure components of the world wide web work together.

Under the draft 'do not track' (DNT) plans unveiled by W3C, restrictions could be placed on publishers over their use of data to decide what content or adverts to show to users. Other plans in the draft suggested site operators would not be able to use previously-gathered information about visitors if, on subsequent visits, they are using a browser with DNT settings activated.

Neelie Kroes previously said that the new DNT standard must allow users to tell websites not to track their online behaviour and know exactly what the companies mean when they are told their activity is not recorded. In her speech on Tuesday she reiterated that requirement.

"When providers receive do-not-track signals from their users, how they need to respond may be different depending on whether the user is in Europe, the US or wherever," Kroes said, according to the ZDNet report. "So the system will need to adapt flexibly, depending on the jurisdiction in question".

Kroes' support for the US-driven DNT system was called into question by the EU's dedicated privacy watchdog last year. Peter Hustinx, the European Data Protection Supervisor, said Kroes was giving out inconsistent advice to website owners on how they should obtain users' consent to cookies. He said that the DNT system "although valuable" seemed to "fall short of the" of the requirements for obtaining lawful consent set out in the EU's Privacy and Electronic Communications Directive.

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.