Note: It’s admirable that EU lawmakers are so dedicated to the online security of their citizens. Sometimes no matter how great the alternative may be, dedicated hosting is the only solution. Check out NetHosting’s dedicated hosting packages today.
The U.K. ignored the E-Privacy Directive when the compliance deadline rolled around last year and now it’s do or die for the nation’s tech companies.
The EU Directive 2009/136/EC is more simply known as the E-Privacy Directive and has been nicknamed the Cookie Law. It was actually passed into European law in 2009, and consists of a number of amendments to laws that have to do with electronic communication and data privacy. The cookie part of the law refers to Article 5(3) which addresses websites and their data storage. The actual text states:
“. . . the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information . . . about the purposes of the processing.” In layman’s terms, that means websites have to give users the option to accept or deny the installation of cookies.
First off, more than just cookies are under fire. HTML5 has a local storage feature that can be enabled which would then fall under this law’s jurisdiction. Also there have been many misconceptions that this will permanently ban cookies from being used online but in reality, as the text of the law states, it just requires permission from users before cookies are stored. And finally, under this law not all cookies are created equal. For example, session cookies track what items are in the basket of an e-cart during online shopping, and are therefore exempt from this law.
Lawmakers in the EU recognized that users didn’t have much control over what websites knew about them and how websites were using what they do know about their users. And for as big of a hassle as this is to website developers, a recent study proved that the average British web page has 14 different tracking tools on it and users often don’t know they’re being monitored. This law is the first attempt in what some are predicting will be a long string of laws coming down the pipeline in an effort to homogenize data retention and privacy regulations online throughout the EU.
Note: Privacy and security are NetHosting’s top priorities for our customers’ data and our own facilities. Learn more about our secure hosting and all of the security we implement to deliver peace-of-mind hosting to all of our customers.
This is coming into the limelight three years after its passing because of the difficulty countries have had in synthesizing their own laws with this new federal regulation. The deadline for countries was 2011 but when that rolled around, only Denmark and Estonia had successfully complied with the regulations from the E-Privacy Directive. The U.K. decided to defer adoption for one year, but it’s unclear whether it really had any authority to do that or not. And now that the country’s year is up, the Cookie Law is buzzing around tech news once again.
A big question mark surrounding all of this is who will be affected by it. With the nature of hosting, data centers in Europe that host sites for South America might find themselves under the thumb of this new Cookie Law. Hosting providers can breathe a collective sigh of relief however. This law, unlike other online regulations, doesn’t apply to where your dedicated, virtual, or cloud hosting is, but where your intended audience is. Although that does little to comfort those who run services like web analytics, advertising, and recommendations, which traverse international boundaries often, and will be subject to this EU ruling.
Those against the law are mostly European startups, concerned that this will lose them traffic, money, and users (due to the stigma most have that all cookies are automatically bad). These fledgling companies are worried that this will give American startups the edge since they don’t have to conform to the same regulations.
However, if it’s true that only when a site targets an audience in the EU it becomes subject to these regulations, then it would seem that American companies entering the EU market will also be affected by this law. With so few countries complying, it’s hard to tell what will actually be enforced in the coming months and years, and if this law will even hold its own against the barrage of criticism leveled against it.
If you’re interested in reading more about what’s going on in the EU, check out our blog post about social media invigorating tourism in Iceland.