European privacy advocates have expressed their criticism of the advertising industry’s self-imposed code on behavioural advertising, especially in relation to the tracking of online browsing habits via the use of ‘cookies’.
Tracking: informed consent necessary
Cookies, once downloaded to a user’s computer, track the user’s online behaviour and thus help advertisers to tailor their adverts to the user’s specific interests in so-called ‘behavioural advertising’.
Pursuant to the e-Privacy Directive of 2009 an internet user must give their informed consent to the the processing of information collected via terminal equipment, cookies included.
In reaction to rapid technological innovation and the problems that arose in relation to cookies and the consumers’ awareness of how their behaviour was being tracked, in April 2011 the advertising industry adopted a self-regulatory Best Practice Recommendation on online behavioural advertising.
EU-wide icon denoting behavioural advertising
Pursuant to the Recommendation, an EU-wide icon was to appear in or around all online behavioural advertisements and was to signal to consumers that behavioural advertising was being used.
The icon would lead the consumer to a special website, where information on behavioural advertising would be provided, along with the possibility of opting out from receiving cookies by specific companies.
Consent should be given before cookies are downloaded
The Article 29 Data Protection Working Party, a group of 27 national data protection and privacy agencies that advises the European Commission on privacy issues, has now issued an opinion in which it warns that the implementation of a behavioural advertising website does not meet the criteria of ‘informed consent’.
Consent should be given before cookies are downloaded on computers, warn privacy watchdogs, adding that the website creates the wrong presumption that it is possible to choose not to be tracked while surfing the Internet.
Overhaul of data protection legislation
The opinion comes at a time when a comprehensive overhaul of the EU Data Protection Directive is being discussed, as the existing Directive from 1995 was implemented before the internet boom and the consequent privacy issues it brought to light.
The legislative overhaul is to come in January 2012 and could see an altering in the concept of personal data, especially in connection with online transactions.
More on the topic of online privacy can be found in Apahia’s White Paper ‘Difficulties of Enforcing Privacy and Data Protection Claims in a Global Online Environment‘.
