Feeds

EU: Time running out for web companies on 'do not track' system

Steely Neelie: Agree on it by June, or I'll force one on you

The Essential Guide to IT Transformation

Internet companies have been urged to establish a final standardised system that will allow users to control their privacy settings across websites.

Neelie Kroes, EU Commissioner responsible for the Digital Agenda, reiterated her demand that the technology be agreed upon by June in a speech at a meeting of the World Wide Web Consortium (W3C), according to a report by ZDNet.

Last summer Kroes warned internet companies that she would "not hesitate to employ all available means to ensure our citizens' right to privacy" if a standardised system for indicating user consent to their online activity being tracked was not agreed by June 2012.

"Do-not-track today is still an aspiration rather than a reality," Kroes said, according to the ZDNet report. "And that is why I have called for agreement on a do-not-track standard by June of this year. I am happy that work on this is proceeding in the World Wide Web Consortium. But we need to act fast to turn do-not-track into a reality for all web users".

Websites and third parties, such as advertisers, often like to record users' online interaction in order to serve personalised content, such as adverts, based on that recorded information. Websites can use a number of methods to collect user-specific data, including through the use of cookies. Operators sometimes pass on information stored in cookies to advertisers in order that they can serve behavioural adverts based on users' activity and apparent interests.

However, EU privacy rules that came into force last May state that storing and accessing information on users' computers is only lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing". Consent must be unambiguous and be explicitly given.

Confusion has reigned over what practical measures can be used to obtain lawful consent to cookie tracking, although the Information Commissioner's Office in the UK has issued guidance on what it considers acceptable methods for achieving consent. The UK Government has also said that it has been working with browser manufacturers to find a system for obtaining user consent to cookies.

In November, W3C announced draft plans outlining how publishers must treat users who demand that their online activity not be tracked. Standards are agreed technical specifications to ensure that a single technology is used across an industry, often with the goal of achieving interoperability of products regardless of the manufacturer. W3C is responsible for making sure components of the world wide web work together.

Under the draft 'do not track' (DNT) plans unveiled by W3C, restrictions could be placed on publishers over their use of data to decide what content or adverts to show to users. Other plans in the draft suggested site operators would not be able to use previously-gathered information about visitors if, on subsequent visits, they are using a browser with DNT settings activated.

Neelie Kroes previously said that the new DNT standard must allow users to tell websites not to track their online behaviour and know exactly what the companies mean when they are told their activity is not recorded. In her speech on Tuesday she reiterated that requirement.

"When providers receive do-not-track signals from their users, how they need to respond may be different depending on whether the user is in Europe, the US or wherever," Kroes said, according to the ZDNet report. "So the system will need to adapt flexibly, depending on the jurisdiction in question".

Kroes' support for the US-driven DNT system was called into question by the EU's dedicated privacy watchdog last year. Peter Hustinx, the European Data Protection Supervisor, said Kroes was giving out inconsistent advice to website owners on how they should obtain users' consent to cookies. He said that the DNT system "although valuable" seemed to "fall short of the" of the requirements for obtaining lawful consent set out in the EU's Privacy and Electronic Communications Directive.

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

The Essential Guide to IT Transformation

More from The Register

next story
Has Europe cut the UK adrift on data protection?
EU reckons we've one foot out the door anyway
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Government's 'Google Review' copyright rules become law
Welcome in a New Era ... of copyright litigation
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.