On May 25th an amendment will be incorporated into UK law, forbidding websites from sending cookies to users’ computers, or receiving them, without prior consent. The rule states:
"Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information… about the purposes of the processing."
There will inevitably be complaints from advertisers, as targeted marketing is hugely valuable and allows companies to gauge the success of ad campaigns. However, it is a product of the rapid evolution of the internet that this sort of legislation has taken so long to come to fruition. Advertisers should never have had access to files on consumers’ computers without the express permission being given. While targeted marketing can be beneficial for users by filtering out advertisements which aren’t relevant or wanted, consent should be required.
European Justice Commissioner Viviane Reding outlined the thinking behind the change in a speech to the European Parliament yesterday:
"I want to explicitly clarify that people shall have the right – and not only the possibility – to withdraw their consent to data processing. The burden of proof should be on data controllers – those who process your personal data. They must prove that they need to keep the data, rather than individuals having to prove that collecting their data is not necessary."
The rules will also give people “the right to be forgotten”, strengthening the rights of individuals to have their information deleted and placing the onus on websites to prove they need to keep the data. In addition, social networks were singled out by the Justice Commissioner as requiring a more transparent method of data processing because of the large amount of young people who sign up to their services.
The short space of time before the amendment comes into effect could lead to negative consequences. No one wants an intrusive pop-up on every website they visit asking permission for cookies. Government must work together with internet browser companies to find a solution acceptable to everyone rather than waiting to see what happens on May 25th. A radical approach would be for websites to pay internet users for the right to store cookies on their computers. Without an incentive, there is a risk that users will simply reject all cookies in the interests of privacy, permanently damaging internet marketing.