Europe should abandon its expensive internet cookies law

DISCLAIMER: All opinions in this column reflect the views of the author(s), not of EURACTIV Media network.

The European Commission is reviewing the ePrivacy directive--Alan McQuinn and Daniel Castro say it should be repealed. [Pexels]

The European Commission should repeal its ‘cookies law’ – it’s expensive for online businesses and a burden for internet users, writes Alan McQuinn and Daniel Castro.

Alan McQuinn is a research analyst at the Information Technology and Innovation Foundation, a Washington-based technology policy think tank. Daniel Castro is ITIF vice president.

Rather than simply update the ePrivacy directive to ensure that it is in line with the EU’s recently passed data protection regulation, policymakers now have an opportunity to repeal the ‘cookie’ provisions entirely.

The European Commission is reviewing the 2009 ePrivacy directive, which regulates HTTP cookies – small text files sent from a website and stored in a user’s web browser while the user is browsing that website. This so-called “cookie law” forces all European websites to not only post their cookie policies, but also to obtain consent from visitors to hold on to or retrieve cookies that collect, store, or process consumer data. This directive has produced a rash of unintended consequences that have real costs for European citizens and businesses with few or no upsides.

Cookies are used for many purposes, from targeted advertising to providing authentication and security for users operating personal profiles on websites. The basic objection EU policymakers raised about cookies is that some people don’t know how they’re used or how to control them, so they may infringe on the user’s online privacy.

To comply with the directive, many European website operators have added a banner or pop-up notification about the website’s use of cookies when a user logs onto the site. To be sure, a number of countries have stopped implementing the law, either by allowing websites to use implied consent (i.e., they do not need to gain explicit consent if a cookie notification is visible on the website) or by not implementing the rules in the first place.

Unfortunately, there are still a number of problems with the ePrivacy directive that put it at odds with today’s digital economy. First, the EU’s rules have costs. The total annual cost of the directive for both compliance by European website operators and productivity losses from users is over €2 billion. Moreover, the directive imposes other costs on businesses and consumers.

Commission to propose reform of ePrivacy directive in 2017

The European Commission announced it will come out with a legislative proposal to reform the ePrivacy directive in mid-2017.

Online advertising pays for the majority of the free and low-cost content on the internet and because targeted ads are more effective than non-targeted ads, advertisers are willing to pay more for the former. If websites reduce the use of targeted online advertising in response to these rules, there will be less money available to support European content and services, money that could otherwise go to budding European internet “unicorns.”

Second, the directive offers little to no benefits. By requiring websites to notify users of all cookies, the policy discourages the use of uncontroversial types of cookies that allow users to personalise their online experience. A business may not want to pay the compliance costs that would allow it to add personalisation features to its website. In addition, this directive discourages better quality targeted advertising that improves the experience of consumers, who benefit from seeing better ads.

Third, European users have filed relatively few complaints about the use of cookies. The United Kingdom’s Information Commissioner’s Office received only 210 complaints regarding cookies between April 2015 and March 2016, compared to 161,186 complaints for nuisance calls, text messages, and email during the same period. It is not worth calming the concerns of this small number of people to keep a directive that creates such financial burden and hassle for EU website users.

Given these costs and the rules’ limited benefits, it is clear the cookie rules in the ePrivacy directive are unnecessary. A number of telco operators, online service providers, hardware manufacturers, and online publishers have already called for the directive to be repealed altogether.

European policymakers should listen to the collective voice of a large portion of the online ecosystem and abolish this mostly symbolic directive: it would benefit the digital economy and make it easier for citizens to browse the web.

Parliament approves privacy rules after record number of amendments

MEPs approved new EU privacy rules today (14 April), including a regulation on consumer privacy that drew the aggressive ire of lobbyists during its four-year run through negotiations in the European Parliament.

Subscribe to our newsletters