Basically, a cookie is a small file which a web site puts on your computer's hard disk so that it can remember something about you at a later time. It can be used to record a user's site preferences or to rotate the banner ads that the user sees on one or more web sites. Some argue that cookies are an invasion of privacy, which can be true if they are not used responsibly. However, the user can reject cookies at any time by changing his browser settings and deleting existing cookie files from his hard disk, and when used properly, they can enhance the user's experience in using the internet.
ZD Net quotes Iain Bourne, strategic policy officer to the Commissioner:
"If organisations are going to put lots of computer code on a machine that tracks a person's movements on-line, individuals should be told about it. This shouldn't be happening until they have agreed to it."
In December 2001, a debate by the European Council on the "draft Directive on the processing of personal data and the protection of privacy in the electronic communications sector," resulted in an agreement to amend a cookie proposal. Previously, the European Parliament had proposed an obligation on web sites to obtain prior consent from users before using cookies. This obligation was attacked by critics who saw it as a threat to the efficiency of web sites in the EU.
The Council rejected the Parliament's opt-in approach. It favoured a slightly less onerous obligation: to provide users clear and comprehensive information in advance about the purposes of cookies and to offer them the possibility to refuse. The amendment is awaiting the view of the Parliament.
The UK Information Commissioner seems to be siding with the Parliament's original proposal. This will concern all those who pointed out that, without cookies, many sites cannot function effectively. Users can already set their browsers to reject cookies and some web sites accept the commercial risk in being less accessible if users choose to reject all cookies. However, if users must be prompted by each site they visit, the law would still affect efficiency and necessitate expensive re-designs.
In response to the EU's original opt-in proposal, the UK Advertising Association made the following points about the likely implications for e-business:
- Users would be very irritated if they had to remember all their passwords and usernames and if they had to re-register at sites on every visit.
- On-line advertising would be less effective if advertisers could not track the effectiveness of their campaigns or ensure that users did not see the same advert over and over again. If European sites lost advertising revenue for this reason, users would instead visit US sites.
- Re-designing sites to comply with such a requirement would be expensive.
