The European Commission should repeal its ‘cookies law’ – it’s expensive for online businesses and a burden for internet users, writes Alan McQuinn and Daniel Castro.
Alan McQuinn is a research analyst at the Information Technology and Innovation Foundation, a Washington-based technology policy think tank. Daniel Castro is ITIF vice president.
Rather than simply update the ePrivacy directive to ensure that it is in line with the EU’s recently passed data protection regulation, policymakers now have an opportunity to repeal the ‘cookie’ provisions entirely.
The European Commission is reviewing the 2009 ePrivacy directive, which regulates HTTP cookies – small text files sent from a website and stored in a user’s web browser while the user is browsing that website. This so-called “cookie law” forces all European websites to not only post their cookie policies, but also to obtain consent from visitors to hold on to or retrieve cookies that collect, store, or process consumer data. This directive has produced a rash of unintended consequences that have real costs for European citizens and businesses with few or no upsides.
Cookies are used for many purposes, from targeted advertising to providing authentication and security for users operating personal profiles on websites. The basic objection EU policymakers raised about cookies is that some people don’t know how they’re used or how to control them, so they may infringe on the user’s online privacy.
Unfortunately, there are still a number of problems with the ePrivacy directive that put it at odds with today’s digital economy. First, the EU’s rules have costs. The total annual cost of the directive for both compliance by European website operators and productivity losses from users is over €2 billion. Moreover, the directive imposes other costs on businesses and consumers.
Online advertising pays for the majority of the free and low-cost content on the internet and because targeted ads are more effective than non-targeted ads, advertisers are willing to pay more for the former. If websites reduce the use of targeted online advertising in response to these rules, there will be less money available to support European content and services, money that could otherwise go to budding European internet “unicorns.”
Second, the directive offers little to no benefits. By requiring websites to notify users of all cookies, the policy discourages the use of uncontroversial types of cookies that allow users to personalise their online experience. A business may not want to pay the compliance costs that would allow it to add personalisation features to its website. In addition, this directive discourages better quality targeted advertising that improves the experience of consumers, who benefit from seeing better ads.
Given these costs and the rules’ limited benefits, it is clear the cookie rules in the ePrivacy directive are unnecessary. A number of telco operators, online service providers, hardware manufacturers, and online publishers have already called for the directive to be repealed altogether.
European policymakers should listen to the collective voice of a large portion of the online ecosystem and abolish this mostly symbolic directive: it would benefit the digital economy and make it easier for citizens to browse the web.