Privacy Notice for Dummies? Towards European Guidelines on How to Give “Clear and Comprehensive Information” on the Cookies’ Use in Order to Protect the Internet Users’ Right to Online Privacy
- 1.2k Downloads
The reviewed ePrivacy Directive aims at ensuring internet users’ online privacy by requiring users to give informed consent to the gathering, storing, and processing of their data by internet service providers, e.g., through the cookies’ use. However, it is hardly possible to talk about an “informed” consent if internet users are not aware of cookies or do not understand when and how they work. Currently, European rules require internet service providers to provide internet users with a “clear and comprehensive” information on the cookies’ use without further specifying what kind of disclosure would be seen as compliant therewith. This paper assesses the need for harmonized European guidelines on transparent and readable disclosure on the cookies’ use and suggests the way forward based on comparative legal research and findings from consumer behaviour research.
KeywordsOnline privacy Cookies’ use Informed consent Disclosure’s transparency Disclosure’s readability
- BBC. (2012). Thousands of websites in breach of new cookie law. Available at http://www.bbc.com/news/technology-18206810.
- Bond, R. (2012). The EU e-Privacy directive and consent to cookies. Business Lawyer, 68, 215.Google Scholar
- Castro, C., Tornay, F. J., Horberry, T., Martínez, C., Gale, A., & Martos, F. J. (2007). Worded and symbolic traffic sign stimuli analysis using repetition priming and semantic priming effects. Advances in Psychology Research, 53, 17–46.Google Scholar
- Caudill, E. M., & Murphy, P. E. (2000). Consumer online privacy: Legal and ethical issues. Journal of Public Policy & Marketing, 19, 7–19.Google Scholar
- Charters, D. (2002). Electronic monitoring and privacy issues in business-marketing: The ethics of the doubleclick experience. Journal of Business Ethics, 35, 243–254.Google Scholar
- Culnan, M. J. (2000). Protecting privacy online: Is self-regulation working? Journal of Public Policy & Marketing, 19, 20–26.Google Scholar
- Department for Culture, Media and Sport (the “DCMS”) (2011). Research into consumer understanding and management of internet cookies and the potential impact of the EU Electronic Communications Framework. Available at http://www.culture.gov.uk/images/consultations/PwC_Internet_Cookies_final.pdf (p. 1–91).
- Evans, D. (2012). ICO blog: Education key to cookie law progress. Available at http://ico.org.uk/news/blog/2012/education-key-to-cookie-law-progress.
- Friedmann, K. (1988). The effect of adding symbols to written warning labels on user behavior and recall. Human Factors, 30, 507–515.Google Scholar
- Furnell, S., & Phippen, A. (2012). Online privacy: a matter of policy? Computer Fraud & Society 12–18.Google Scholar
- Gozzo, P. (2005). The strategy and the harmonization process within the European legal system: Party autonomy and information requirements. In G. Howells, A. Janssen, & R. Schulze (Eds.), Information rights and obligations (pp. 22–30). Aldershot: Ashgate.Google Scholar
- Helberger, N., Guibault, L., Loos, M., Mak, C., Pessers, L., & Van Der Slot, B. (2013). Digital consumers and the law. Alphen aan den Rijn: Kluwer Law International.Google Scholar
- IMCO (Committee on the Internal Market and Consumer Protection of the European Parliament) (2011). Consumer behaviour in a digital environment. Study. Available at http://www.europarl.europa.eu/committees/en/studiesdownload.html?languageDocument=EN&file=42591.
- International Chamber of Commerce (2012). ICC UK cookie guide. Available at http://www.international-chamber.co.uk/components/com_wordpress/wp/wp-content/uploads/2012/04/icc_uk_cookie_guide.pdf (p. 1–15).
- Jennings, M. (2012). To track or not to track: recent legislative proposals to protect consumer privacy. Harvard Journal on Legislation, 49, 193–206.Google Scholar
- Kierkegaard, S. M. (2005). How the cookies (almost) crumbled: Privacy & lobbyism. Computer Law and Security Report, 21, 310–322.Google Scholar
- Lee, D. (2012). Cookies: Majority of government sites to miss deadline. BBC. Available at http://www.bbc.com/news/technology-18090118.
- Liao, C., Liu, C., & Chen, K. (2011). Examining the impact of privacy, trust and risk perceptions beyond monetary transactions: An integrated model. Electronic Commerce Research and Applications, 10, 702–715.Google Scholar
- Luzak, J. (2013). Much ado about cookies: The European debate on the new provisions of the ePrivacy directive regarding cookies. European Review of Private Law, 1, 221–246.Google Scholar
- McDougall, S. (2011). Cookie crumbles: confusion over data regulation. Guardian 11. Available at http://www.guardian.co.uk/local-government-network/2011/aug/11/privacy-law-online-data-regulation.
- Milne, G. R., & Culnan, M. J. (2004). Strategies for reducing online privacy risks: Why consumers read (or don’t read) online privacy notices’. Journal of Interactive Marketing, 18, 15–29.Google Scholar
- Miyazaki, A. D. (2008). Online privacy and the disclosure of cookie use: Effects on consumer trust and anticipated patronage. Journal of Public Policy & Marketing, 27, 19–33.Google Scholar
- Morris, L. A., Mazis, M. B., & Brinberg, D. (1989). Risk disclosures in televised prescription drug advertising to consumers. Journal of Public Policy & Marketing, 8, 64–80.Google Scholar
- Nowak, G. J., & Phelps, J. (1995). Direct marketing and the use of individual-level consumer information: Determining how and when “Privacy” matters. Journal of Direct Marketing, 9, 46–60.Google Scholar
- Opinion 15/2011 on the definition of consent issued by Article 29 Data Protection Working Party, 13.07.2011, 01197/11/EN WP187. Available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp187_en.pdf. (p. 9)
- Opinion 2/2010 on online behavioural advertising issued by Article 29 Data Protection Working Party, 22.10.2010, 00909/10/EN WP171. Available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp171_en.pdf At 12.
- OPTA (2012). Veelgestelde vragen over de nieuwe cookieregels. (pp. 1–5). Available at http://www.opta.nl/nl/actueel/alle-publicaties/publicatie/?id=3595.
- Papakonstantinou, V., & De Hert, P. (2011). The amended EU Law on ePrivacy and Electronic Communications after its 2011 implementation; new rules on data protection, spam, data breaches and protection of intellectual property rights. John Marshall Journal of Computer & Information Law, 29, 29.Google Scholar
- Park, Y. J., Campbell, S. W., & Kwak, N. (2012). Affect, cognition, and reward: Predictors of privacy protection online. Computer in Human Behavior, 28, 1019–1027.Google Scholar
- Pechmann, C., & Stewart, D. W. (1988). Advertising repetition: A critical review of wearing and wearout. Current Issues and Research in Advertising, 11, 285. at 285–330.Google Scholar
- Pollach, I. (2005). A typology of communicative strategies in online privacy policies: Ethics, power and informed consent. Journal of Business Ethics, 62, 221–235.Google Scholar
- Sefton-Green, R. (2005). Duties to inform versus party autonomy: Reversing the paradigm (from free consent to informed consent)?—A comparative account of French and English Law. In G. Howells, A. Janssen, & R. Schulze (Eds.), Information rights and obligations (pp. 171–173). Aldershot: Ashgate.Google Scholar
- Williams, I. (2013). Blog: ICO joins global sweep to improve website privacy policies. http://ico.org.uk/news/blog/2013/ico-joins-global-sweep-to-improve-website-privacy-policies.
- Yaveroglu, I., & Donthu, N. (2008). Advertising repetition and placement issues in on-line environments. Journal of Advertising, 37, 31–43.Google Scholar