Slashdot Mirror
EU May Outlaw Cookies
Millennium writes: "According to Yahoo News, The European Commission is considering a privacy directive which, among other things, completely bans the use of cookies. Forgive me for saying so, but considering all the legitimate uses of cookies, isn't banning them outright going just a bit too far?" Update: 10/31 19:21 GMT by M : The submitter's write-up is wrong. Read the story. Keep in mind, as usual, that a "news" story whose sole source is an executive with an agenda to push is unlikely to portray the situation accurately.
While I realize their security concerns, in my opinion the problem isn't with the cookies. The bigger security concern, is really with web bugs. The rest of the stuff that the EU seems to be concerned about really is data that could be generated by analyzing web server logs. The problem is with sites that monitor people across multiple domains.
What will we do when cookie monster is removed from the cast of Sesamee Street?
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
It sounds like all they want is a method to have the user explicitely agree to accept a cookie whenever one's proposed. Many (most?) browsers already support that functionality. Maybe browsers just need to ship with that defaulted to "on" for EU countries. I don't really understand why they're making such a fuss.
To be honest, I think they're going about this thing entirely the wrong way. Don't attack a technology because it has the *ability* to do something you don't like. Attack those that are abusing the technology. In this case, full and proper support for the W3C's P3P initiative looks like it addresses all of the privacy concerns that go with cookies. Maybe they should be looking at this instead.
One thing Microsoft has done right recently is P3P support in IE6, and setting the browser to default itself to what I would consider a reasonable setting out of the box, which automatically blocks a significant number of 3rd-party cookies. I love seeing this in action.
From what I read, they aren't banning cookies per se. What they're banning is any collection of personal information without explicit informed consent. So you can use cookies all you want, as long as you tell the user what personal information you're storing in them and let them say whether they want to allow it or not. And if you use cookies for things like shopping carts, where there's no personal information in them, then there's no restrictions on them. All perfectly sensible to me.
Reading the Yahoo story, its pretty clear the author took the Internet Advertising Board's press release and printed it almost verbatim.
The proposed legislation has nothing to do with browser cookies, it focuses on regulating what kinds of private information marketing scum can gather and share without permission. The bill aims to prevent marketing firms from using any data obtained through illicit or decietful means to be correlated with personal identities. It would also prevent marketing from using personal information to gather other info through other means.
Web sites could still set cookies on your browser, and even track sessions from one logon to the next. But the web sites would not be allowed to match that information with individual identities. They could still gather statistics, monitor actions, and anything else cookies are useful for, but not for targetting individuals.
This legislation was proposed before, but was stalled after the IAB and a few other telemarketing firms pooled their money to fight it. It has been delayed for a while, but is back for another round.
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on