EU: Recertification under the "Cookie Law" made more difficult
Category: NachrichtenBy: M. Schröder - 2B Advice GmbH - the privacy benchmark
The amendments to Article 5, para. 3 of Directive 2002/58/EC by the so-called "Telecommunications Packet" of the EU are leading to an immediate increase in requirements for the certification or recertification of IT products or IT-based services within the framework of the EuroPriSe program.
The amended law came into force on December 19, 2009; the amendments to Article 5, para. 3 are to be implemented in national law by May 25, 2011. In its position paper of July 2010, EuroPriSe makes clear that, for a successful (re)certification, current European law must be observed. Due to the actual, particularly technical, circumstances, EuroPriSe grants to the vendors of services that employ cookies a transition period of up to May 25, 2011. Even during this transition period, EuroPriSe is boosting requirements for the use of cookies. According to the position paper, these increased requirements are placed particularly on vendors of services for behavioral advertising, but are also applicable as such for other IT services and products, if such employ cookies.
When using cookies, the following conditions are to be fulfilled:
- The user must be informed in an understandable form of all necessary information, particularly regarding the identity of the responsible entity along with the purposes that the cookie serves.
- The user must be informed and provide his or her voluntary consent.
Consent is not required if the employment of the cookies is compellingly necessary for the service, and the user has expressly requested the service.
EuroPriSe states that an effective consent may be carried out via browser settings in only in a few very special cases. As an alternative, it suggests the use of pop-up windows or clearly understandable icons, which are displayed before a cookie is set or selected. Moreover, it suggests that browser producers and commercial companies develop new ideas on how the new guidelines of the directive may be technically implemented.
In fact, technical implementation is currently in the dark. The integration of pop-up windows could be prevented by pop-up blockers, clearly understandable icons had to be developed and technical integration should allow for notification prior to the storage of the cookies. This is a problem that also concerns pop-up windows. The question as to whether this will require new interfaces and technologies, and to what extent, remains to be answered.
For the transition period of up to May 25, 2011, the following increased requirements apply to a recertification:
- Even before the change in the legal situation, the requirements that have been made must still be fulfilled (e.g., waiving of sensitive categories)
- The requirements for transparency have been increased. For example, transparency can be significantly improved by placing an appropriate icon linked to an information page within an advertising banner.
- The first steps for the introduction of opt-in mechanisms must be undertaken.
Companies that have their IT products or IT-based services certified according to the EuroPriSe criteria should examine their products and services in light of the increased requirements in order to be well prepared for the recertification process.
In this sense, it will also be revealed whether the technical challenges placed on companies by the EU guideline committee can be easily solved with current technology, or if meeting this demands will prove to be a matter of great difficulty.
Source: EuroPriSe Position Paper on the impact oft he new „Cookie Law“, July 2010; EuroPriSe - Zertifizierbarkeit von Online-Diensten zur Einblendung verhaltensbasierter Werbung
(1074 times viewed)