EU: Time running out for web companies on 'do not track' system
Steely Neelie: Agree on it by June, or I'll force one on you
Internet companies have been urged to establish a final standardised system that will allow users to control their privacy settings across websites.
Neelie Kroes, EU Commissioner responsible for the Digital Agenda, reiterated her demand that the technology be agreed upon by June in a speech at a meeting of the World Wide Web Consortium (W3C), according to a report by ZDNet.
Last summer Kroes warned internet companies that she would "not hesitate to employ all available means to ensure our citizens' right to privacy" if a standardised system for indicating user consent to their online activity being tracked was not agreed by June 2012.
"Do-not-track today is still an aspiration rather than a reality," Kroes said, according to the ZDNet report. "And that is why I have called for agreement on a do-not-track standard by June of this year. I am happy that work on this is proceeding in the World Wide Web Consortium. But we need to act fast to turn do-not-track into a reality for all web users".
However, EU privacy rules that came into force last May state that storing and accessing information on users' computers is only lawful "on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information … about the purposes of the processing". Consent must be unambiguous and be explicitly given.
Confusion has reigned over what practical measures can be used to obtain lawful consent to cookie tracking, although the Information Commissioner's Office in the UK has issued guidance on what it considers acceptable methods for achieving consent. The UK Government has also said that it has been working with browser manufacturers to find a system for obtaining user consent to cookies.
In November, W3C announced draft plans outlining how publishers must treat users who demand that their online activity not be tracked. Standards are agreed technical specifications to ensure that a single technology is used across an industry, often with the goal of achieving interoperability of products regardless of the manufacturer. W3C is responsible for making sure components of the world wide web work together.
Under the draft 'do not track' (DNT) plans unveiled by W3C, restrictions could be placed on publishers over their use of data to decide what content or adverts to show to users. Other plans in the draft suggested site operators would not be able to use previously-gathered information about visitors if, on subsequent visits, they are using a browser with DNT settings activated.
Neelie Kroes previously said that the new DNT standard must allow users to tell websites not to track their online behaviour and know exactly what the companies mean when they are told their activity is not recorded. In her speech on Tuesday she reiterated that requirement.
"When providers receive do-not-track signals from their users, how they need to respond may be different depending on whether the user is in Europe, the US or wherever," Kroes said, according to the ZDNet report. "So the system will need to adapt flexibly, depending on the jurisdiction in question".
Kroes' support for the US-driven DNT system was called into question by the EU's dedicated privacy watchdog last year. Peter Hustinx, the European Data Protection Supervisor, said Kroes was giving out inconsistent advice to website owners on how they should obtain users' consent to cookies. He said that the DNT system "although valuable" seemed to "fall short of the" of the requirements for obtaining lawful consent set out in the EU's Privacy and Electronic Communications Directive.
Copyright © 2012, OUT-LAW.com
OUT-LAW.COM is part of international law firm Pinsent Masons.