Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
Editor's Blog and Industry Comments

EU Cookie Directive Scheduled for Late May

15 March, 2012
Despite the May deadline for implementing the EU Cookie directive, confusion still remains on terminology and practical implementation guidelines
The general purpose of the directive is to give web users the option to opt-out of unnecessary cookies for each website they visit, an objective that arose from the growth of targeted advertising based on the browsing habits of the user, something that raises legitimate privacy concerns if not carried out ethically.



However, when it comes to setting up such a directive, the whole process quickly sinks into a mire of uncertainty and the need for increasingly complex definitions. For example, the directive excludes cookies which are "necessary for the delivery of a service requested by the user". Quite what they are is open to interpretation. The directive itself provides the example of online shopping sites that need to use cookies at each step of the transaction process leading to a payment.



The directive also goes on to say that general browser settings such as "accept all cookies" is not enough and the acceptance stage needs to be done for each affected site. This is where it all gets difficult for both the site owner and the user. What should the site present to the user to enable the opt-in (or opt-out) decision to be made? Will the site still function if the user opt-out?



From the user's point of view, how do you arrive at the decision? This is analogous to those strange and senseless AV messages that say something like "Xuy.exe is trying to access the internet which is potentially dangerous behaviour. No details are known about this file" and then you have to click Allow or Deny without enough information to make the correct choice.



So now imagine this... For EVERY website you visit, you'll be asked to opt-in to or opt-out of cookies. To make that decision, you'll need to know what cookies are used and why, how they're used and by whom and what the privacy policy is of the website owners. That's a lot of information needed to make an informed decision and most of us aren't that interesting in performing such in-depth research.



The UK's Information Commissioners Office has already admitted that enforcement will be difficult in the early stages after the May deadline so if they're confused by it, we can expect plenty of doubt, uncertainty and at best, ragged implementation.
Bookmark and Share