Brussels cunning plan to save the EU: No more Cookie Popups

We’ll kill the consent requirement – so no more Exits, please

Cookie Monster

Beleaguered Brussels bureaucrats have come up with a cunning plan to make us love the European Union again. They might relax the world’s most hated internet regulation.

Directive 2009/136/EC, also known as the "Cookie Directive" has obliged websites hosted in member states to pester users with a popup if the site uses cookies, and it has become an emblem of well-intentioned but futile gesture politics. If it felt like a throwback to another era, that's because it was: the originally cookie amendment dates back to 2001.

One pundit, subsequently honoured with an MBE, predicted that the Cookie Directive “will kill off the European startup industry stone dead, handing the entire sector to other markets and companies, and largely those in US” (sic).

That didn’t happen, of course, but in five years users around the world have clicked the EU popups billions of times, giving consent to cookies, without any material improvement to their privacy. Concerns about cookies were in any case dwarfed by concerns about spam.

A draft of the major overhaul of the ePrivacy Regulation that leaked last week suggests that the EU now recognises that the popup was a waste of time.

Laura White at Data Protection Report notes that:

The recitals suggest that the circumstances in which consent is not required can be interpreted more broadly than currently. For example, cookies used to give effect to users’ website preferences or required to fill in online forms or keep shopping trolleys stable are likely to be exempt from the consent requirement. It would also appear that consent is not required for the use of analytics cookies. This, coupled with the point below, may lead to the end of the cookie consent pop-ups that many users find irritating.

The new regulations also contains new rules for marketing communications and will ensnare OTT services like WhatsApp, owned by Facebook. The Commission wants the ePrivacy regulation to come into effect at the same time as the GDPR, in May 2018, which looks optimistic. ®

Sponsored: Becoming a Pragmatic Security Leader




Biting the hand that feeds IT © 1998–2019