Journal of Consumer Policy

, Volume 37, Issue 4, pp 547–559 | Cite as

Privacy Notice for Dummies? Towards European Guidelines on How to Give “Clear and Comprehensive Information” on the Cookies’ Use in Order to Protect the Internet Users’ Right to Online Privacy

  • J. A. LuzakEmail author
Original Paper


The reviewed ePrivacy Directive aims at ensuring internet users’ online privacy by requiring users to give informed consent to the gathering, storing, and processing of their data by internet service providers, e.g., through the cookies’ use. However, it is hardly possible to talk about an “informed” consent if internet users are not aware of cookies or do not understand when and how they work. Currently, European rules require internet service providers to provide internet users with a “clear and comprehensive” information on the cookies’ use without further specifying what kind of disclosure would be seen as compliant therewith. This paper assesses the need for harmonized European guidelines on transparent and readable disclosure on the cookies’ use and suggests the way forward based on comparative legal research and findings from consumer behaviour research.


Online privacy Cookies’ use Informed consent Disclosure’s transparency Disclosure’s readability 


  1. BBC. (2012). Thousands of websites in breach of new cookie law. Available at
  2. Bond, R. (2012). The EU e-Privacy directive and consent to cookies. Business Lawyer, 68, 215.Google Scholar
  3. Castro, C., Tornay, F. J., Horberry, T., Martínez, C., Gale, A., & Martos, F. J. (2007). Worded and symbolic traffic sign stimuli analysis using repetition priming and semantic priming effects. Advances in Psychology Research, 53, 17–46.Google Scholar
  4. Caudill, E. M., & Murphy, P. E. (2000). Consumer online privacy: Legal and ethical issues. Journal of Public Policy & Marketing, 19, 7–19.Google Scholar
  5. Charters, D. (2002). Electronic monitoring and privacy issues in business-marketing: The ethics of the doubleclick experience. Journal of Business Ethics, 35, 243–254.Google Scholar
  6. Culnan, M. J. (2000). Protecting privacy online: Is self-regulation working? Journal of Public Policy & Marketing, 19, 20–26.Google Scholar
  7. D’souza, G., & Rao, R. C. (1995). Can repeating an advertisement more frequently than the competition affect brand preference in a mature market. Journal of Marketing, 59, 32–42.CrossRefGoogle Scholar
  8. Department for Culture, Media and Sport (the “DCMS”) (2011). Research into consumer understanding and management of internet cookies and the potential impact of the EU Electronic Communications Framework. Available at (p. 1–91).
  9. Dinev, T., & Hart, P. (2006). An extended privacy calculus model for E-commerce transactions. Information Systems Research, 17, 61–80.CrossRefGoogle Scholar
  10. Earp, J. B., & Baumer, D. (2003). Innovative web use to learn about consumer behavior and online privacy. Communications of the ACM, 46, 81–83.CrossRefGoogle Scholar
  11. Evans, D. (2012). ICO blog: Education key to cookie law progress. Available at
  12. Friedmann, K. (1988). The effect of adding symbols to written warning labels on user behavior and recall. Human Factors, 30, 507–515.Google Scholar
  13. Furnell, S., & Phippen, A. (2012). Online privacy: a matter of policy? Computer Fraud & Society 12–18.Google Scholar
  14. Gozzo, P. (2005). The strategy and the harmonization process within the European legal system: Party autonomy and information requirements. In G. Howells, A. Janssen, & R. Schulze (Eds.), Information rights and obligations (pp. 22–30). Aldershot: Ashgate.Google Scholar
  15. Harridge-March, S. (2006). Can the building of trust overcome consumer perceived risk online? Marketing Intelligence & Planning, 24, 746–761.CrossRefGoogle Scholar
  16. Helberger, N., Guibault, L., Loos, M., Mak, C., Pessers, L., & Van Der Slot, B. (2013). Digital consumers and the law. Alphen aan den Rijn: Kluwer Law International.Google Scholar
  17. Hoffman, D. L., Novak, T. P., & Peralta, M. (1999). Building consumer trust online. Communications of the ACM, 42, 80–85.CrossRefGoogle Scholar
  18. IMCO (Committee on the Internal Market and Consumer Protection of the European Parliament) (2011). Consumer behaviour in a digital environment. Study. Available at
  19. Information Commissioner’s Office (2012). Guidance on the rules on use of cookies and similar technologies. v. 3. Available at (p. 1–30).
  20. International Chamber of Commerce (2012). ICC UK cookie guide. Available at (p. 1–15).
  21. Jennings, M. (2012). To track or not to track: recent legislative proposals to protect consumer privacy. Harvard Journal on Legislation, 49, 193–206.Google Scholar
  22. Jones, R., & Tahri, D. (2010). EU law requirements to provide information to website visitors. Computer Law and Security Report, 26, 613–620.CrossRefGoogle Scholar
  23. Kierkegaard, S. M. (2005). How the cookies (almost) crumbled: Privacy & lobbyism. Computer Law and Security Report, 21, 310–322.Google Scholar
  24. Lee, D. (2012). Cookies: Majority of government sites to miss deadline. BBC. Available at
  25. Liao, C., Liu, C., & Chen, K. (2011). Examining the impact of privacy, trust and risk perceptions beyond monetary transactions: An integrated model. Electronic Commerce Research and Applications, 10, 702–715.Google Scholar
  26. Luzak, J. (2013). Much ado about cookies: The European debate on the new provisions of the ePrivacy directive regarding cookies. European Review of Private Law, 1, 221–246.Google Scholar
  27. Magat, W., Viscusi, W. K., & Huber, J. (1988). Consumer processing of hazard warning information. Joural of Risk and Uncertainty, 1, 201–232.CrossRefGoogle Scholar
  28. McDougall, S. (2011). Cookie crumbles: confusion over data regulation. Guardian 11. Available at
  29. Michelfelder, D. P. (2001). The moral value of informational privacy in cyberspace. Ethics and Information Technology, 3, 129–135.CrossRefGoogle Scholar
  30. Milne, G. R., & Culnan, M. J. (2004). Strategies for reducing online privacy risks: Why consumers read (or don’t read) online privacy notices’. Journal of Interactive Marketing, 18, 15–29.Google Scholar
  31. Miyazaki, A. D. (2008). Online privacy and the disclosure of cookie use: Effects on consumer trust and anticipated patronage. Journal of Public Policy & Marketing, 27, 19–33.Google Scholar
  32. Morris, L. A., Mazis, M. B., & Brinberg, D. (1989). Risk disclosures in televised prescription drug advertising to consumers. Journal of Public Policy & Marketing, 8, 64–80.Google Scholar
  33. Nowak, G. J., & Phelps, J. (1995). Direct marketing and the use of individual-level consumer information: Determining how and when “Privacy” matters. Journal of Direct Marketing, 9, 46–60.Google Scholar
  34. Opinion 15/2011 on the definition of consent issued by Article 29 Data Protection Working Party, 13.07.2011, 01197/11/EN WP187. Available at (p. 9)
  35. Opinion 2/2010 on online behavioural advertising issued by Article 29 Data Protection Working Party, 22.10.2010, 00909/10/EN WP171. Available at At 12.
  36. OPTA (2012). Veelgestelde vragen over de nieuwe cookieregels. (pp. 1–5). Available at
  37. Papakonstantinou, V., & De Hert, P. (2011). The amended EU Law on ePrivacy and Electronic Communications after its 2011 implementation; new rules on data protection, spam, data breaches and protection of intellectual property rights. John Marshall Journal of Computer & Information Law, 29, 29.Google Scholar
  38. Park, Y. J., Campbell, S. W., & Kwak, N. (2012). Affect, cognition, and reward: Predictors of privacy protection online. Computer in Human Behavior, 28, 1019–1027.Google Scholar
  39. Pechmann, C., & Stewart, D. W. (1988). Advertising repetition: A critical review of wearing and wearout. Current Issues and Research in Advertising, 11, 285. at 285–330.Google Scholar
  40. Pollach, I. (2005). A typology of communicative strategies in online privacy policies: Ethics, power and informed consent. Journal of Business Ethics, 62, 221–235.Google Scholar
  41. Schoenbachler, D. D., & Gordon, G. L. (2002). Trust and customer willingness to provide information in database-driven relationship marketing. Journal of Interactive Marketing, 16, 2–16.CrossRefGoogle Scholar
  42. Schwaig, K. S., Segars, A. H., Grover, V., & Fiedler, K. D. (2013). A model of consumers’ perceptions of the invasion of information privacy. Information & Management, 50, 1–12.CrossRefGoogle Scholar
  43. Sefton-Green, R. (2005). Duties to inform versus party autonomy: Reversing the paradigm (from free consent to informed consent)?—A comparative account of French and English Law. In G. Howells, A. Janssen, & R. Schulze (Eds.), Information rights and obligations (pp. 171–173). Aldershot: Ashgate.Google Scholar
  44. Turow, J., Hennessy, M., & Bleakley, A. (2008). Consumers’ understanding of privacy rules in the marketplace. The Journal of Consumer Affairs, 42, 411–424.CrossRefGoogle Scholar
  45. Van Wel, L., & Royakkers, L. (2004). Ethical issues in web data mining. Ethics and Information Technology, 6, 129–140.CrossRefGoogle Scholar
  46. Williams, I. (2013). Blog: ICO joins global sweep to improve website privacy policies.
  47. Wirtz, J., Lwin, M. O., & Williams, J. D. (2007). Causes and consequences of consumer online privacy concern. International Journal of Service Industry Management, 18, 326–341.CrossRefGoogle Scholar
  48. Yaveroglu, I., & Donthu, N. (2008). Advertising repetition and placement issues in on-line environments. Journal of Advertising, 37, 31–43.Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  1. 1.Centre for the Study of European Contract LawUniversity of AmsterdamAmsterdamThe Netherlands

Personalised recommendations