Britain Says ‘No Thanks’ to Europe’s Cookie Monster

Cookie MonsterIt’s barely a month since news that European regulators were bringing new rules on Internet cookies into force caused a stink across the continent — but it looks like common sense might have won out already.
The issue revolved around an incoming, continent-wide directive that requires companies to get a user’s consent before implanting tracking cookies on his computers. There were huge questions about the rules, including not only what “consent” means exactly, but also that, under the federalized European system, each nation can apply the directive in its own way.
The directive caused an explosion of outrage that tapped into widespread mistrust of politicians in Brussels and a deep Euro-phobic viewpoint that pervades the online business community. Those who criticized the directive were vehement; they foresaw a situation in which European users were forced to act every single time any company wanted to use a cookie — something they suggested was going to damage European competitiveness, impose an insufferable legal and regulatory burden on European startups and maybe even end up killing off the sector.
At the time, I argued that the rules weren’t going to kill anyone or anything — not least because implementation would not be as drastic as the doomsayers were predicting. In fact, I suggested, it could be seen as a positive step toward making online businesses more transparent and accountable for the information they gather and profit from. Not everyone agreed.
Still, once the brouhaha died down, local governments were left to continue their job of trying to work out what the law actually meant. And now we’ve got an idea, since the British government has published its proposals on how the European rules would apply inside the U.K.
Guess what? Nobody’s going to die.
Essentially, the proposals suggest a few things:

  • The most effective way for users to tell websites they don’t wanted to be tracked is for their browser to handle their privacy. (So no unending stream of pop-up boxes).
  • If browsers don’t do this already — and they don’t — then they should. (There will be discussions to reach a solution, along the same lines as the current Do Not Track scheme in the U.S.).
  • Although this means websites and services could be seen as technically breaching the rules in the meantime, nobody is going to get prosecuted if they aren’t flagrantly abusing private user information. (There’s no need for drastic interim action).

It’s the outcome most were hoping for, and will perhaps be claimed as a victory by the vocal lobby that emerged a month ago. The truth is more prosaic: Any country that has a significant Internet economy knows that wholesale changes are going to cause problems, and so the broader solution is more appealing on all sorts of levels. The reaction may have been heard somewhere inside, but anyone who thinks the wheels of government turn that fast, even when oiled by splenetic outrage, is kidding themselves.
Still, none of this means it’s all over. Progress is slow, and dependent in part on how other countries implement their own solutions to the European rule. As Phil Lee, a specialist in Internet privacy law for London-based law firm Field Fisher Waterhouse, puts it: “The [British] government seems to have successfully steered a middle course… the question now, of course, is what the rest of Europe will do.”