EU cookie law to be reviewed

Widely criticised e-Privacy Directive to be reformed following public consultation

The European Union e-Privacy Directive, the pan-European law that required website operators to put cookie-warning pop-ups on their sites, is to be reviewed.

In the review, the European Commission will consult with businesses, industry bodies and other "stakeholders" over possible reforms to the law, which has been widely criticised, on the one hand, for being ineffective, while on the other blasted for annoying web users for little positive effect.

However, the Commission has indicated that it plans to give EU e-privacy rules sharper teeth, which may mean more onerous online rules to comply with for companies across Europe.

The Commission claims that the review will have three objectives. First, to assess the need to update the Directive and, hence, to broaden the scope of EU e-privacy rules. Second, to make e-privacy laws in Europe consistent with the freshly passed General Data Protection Regulation. And, third, to improve security and confidentiality of communications throughout the EU.

The review will also cover consent requirements, which encompass the cookie warnings that websites across the EU have been required to provide users since 2013.

One area that the Commission is keen to consider is extending a beefed-up e-Privacy Directive beyond what it calls "over-the-top providers", which would typically be traditional telecoms companies, to all providers of communications services. The Directive could therefore be extended to encompass social media networks and messaging services, such as Skype and WhatsApp.

However, it isn't the first time that the EU has looked to reform the Directive. According to law firm Pinsent Masons, it first expressed an intention to reform the e-Privacy Directive in 2014. An EU e-Privacy Framework document published last year also suggested changes to rules relating to cookies, direct digital marketing and the processing of location data.

Anna Fielder, trustee and board chair at privacy campaigners Privacy International, told Computing that the rules need to change to cut down on the level of ongoing online surveillance that major internet companies engage in.

"The cookie directive debate was that the directive said companies should give people explicit consent, to be aware of what's going on, and so they should be able to opt out if they want to. It resulted in those annoying things coming down when you search the web saying ‘we put cookies on your PC and you either agree or not', which serves no purpose.

"What would be great, if possible, is if you could block all those cookies you still get ads, but you just won't get profiled and targeted. Google will still make money as lot of it is based on contextual advertising and ads based on the search terms. I don't see a problem with that. But I see a problem when they follow you around the internet and can build an image of you from it," said Fielder.

The review comes at the same time that the European Union is struggling to reach a replacement for the Safe Harbor agreement with the US, potentially affecting online businesses across both blocs.