Abstract
This paper looks into Article 5(3) of the ePrivacy Directive on cookies and more specifically, on the practical effect of its 2009 amendment which changed the legal approach towards the use of cookies to opt-in. The new rule had minor practical effect as except that notice about cookie use has overall been improved, behavioural advertising, which is the privacy-invasive commercial practice that the recent amendment of the rule mainly intended to tackle, is still conducted without prior real user consent. The paper inquires into the reasons behind the failure of the rule and finds them in the logical, yet unfounded, business resistance, the rule’s negative publicity as well as in the (misguided) scepticism of EU officials and a lack of enthusiasm or determination at national level. The latter is translated into relaxed national implementations and absence of official guidance for compliance ‘moments’ before the rule was to enter into force. The final blow to the rule was given by a change in the approach of the UK ICO, which essentially aligned the law to the practice of implied consent adopted by many online businesses and by the reaction of the DPWP, which, far from strongly opposing this ‘back off’, confusingly moved closer to the updated stance of the UK ICO. The paper finally suggests that if they really want to, data protection authorities can restore a strict opt-in approach towards behavioural advertising and insist in business compliance with it.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector.
- 2.
See for example, “How to comply with EU cookie law”, ComputerWeekly, accessed November 9, 2014, http://www.computerweekly.com/guides/How-to-comply-with-the-EU-cookie-law.
- 3.
Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.
- 4.
See infra p. 10.
- 5.
Phil Lee, P. “The impact of cookie ‘consent’ on targeted adverts,” Journal of Database Marketing & Customer Strategy Management 18.3 (2011): 205.
- 6.
See Articles 29 and 30, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
- 7.
For straightforward information on cookies, their evolution and purposes, see “What is a cookie?”, YouTube, accessed November 14, 2014, https://www.youtube.com/watch?v=I01XMRo2ESg&feature=player_embedded.
- 8.
Van Well, L. and Royakkers, L., “Ethical Issues in Web Data Mining,” Ethics and Information Technology 6.2 (2004): 129.
- 9.
Ibid at p. 133.
- 10.
Mireille Hildebrandt, “Profiling: From Data to Knowledge, The challenges of a crucial Technology,” Datenschutz und Datensicherheit 30 (2006): 549, accessed 9 November 2014, http://www.fidis.net/fileadmin/fidis/publications/2006/DuD09_2006_548.pdf.
- 11.
“Google Inc.”, http://www.google.com/doubleclick/, accessed November 10, 2014.
- 12.
A ‘cookie sweep’ recently conducted in eight Member States has found that 70 % of all recorded cookies were third-party ones, see Article 29 Data Protection Working Party, “Cookie sweep combined analysis—Report” WP 229: 2, accessed March 13, 2015, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2015/wp229_en.pdf.
- 13.
Van Well and Royakkers, supra n. 8, pp. 130–131.
- 14.
Roger Clarke in Clarke, R., “Information Technology and Dataveillance,” Communications of the ACM 31.5 (1987): 498.
- 15.
Daniel J. Solove, “Privacy and power: Computer databases and metaphors for information privacy,” Stanford Law Review (2001): 1417.
- 16.
Ian J. Lloyd, Information technology law, (3rd edition, Butterworths, 2000), 33.
- 17.
Paul Alexander Bernal, “A right to delete?” European Journal of Law and Technology 2(2) (2011): Sect. 2.4, accessed March 5, 2015, http://ejlt.org/article/view/75/144.
- 18.
Jerry Kang, “Information privacy in cyberspace transactions,” Stanford Law Review (1998): 1240, quoting Gary Marx; Lilian Edwards, “Consumer Privacy, Online Business and the Internet: Looking for Privacy in All the Wrong Places,” International Journal of Law and Information Technology (2003): 231–232 and Solove, supra n. 15, pp. 1434, 1453.
- 19.
Inadvertent disclosure of private facts to other computer users is a risk emphasized by Cranor, F. L., “’I Didn’t Buy it for Myself': Privacy and Ecommerce Personalization,” WPES (2003): 111–117, accessed November 9, 2014, http://lorrie.cranor.org/pubs/personalization-privacy.pdf.
- 20.
Paul Ohm, “The Rise and Fall of Invasive ISP Surveillance,” University of Illinois Law Review (2009): 41, accessed November 9, 2014, SSRN: http://ssrn.com/abstract=1261344.
- 21.
Taylor, R. C., “Consumer Privacy and the Market for Customer Information,” The RAND Journal of Economics 35(4) (2004): 631.
- 22.
European Commission, ‘Data Collection, Targeting and Profiling of Consumers for Commercial Purposes in the Online Environment’ (Background Paper 2009): 10–11; European Commission, “Report on cross-border e-commerce in the EU”, Commission Staff Working Document, SEC 283 final (2009): 14, 18.
- 23.
Mireille Hildebrandt, “Profiling into the future: An assessment of profiling technologies in the context of Ambient Intelligence,” FIDIS Journal 1 (2007): 10, accessed November 9, 2014, http://www.fidis.net/fileadmin/journal/issues/1-2007/Profiling_into_the_future.pdf.
- 24.
Lee Bygrave, “Minding the Machine: Art15 of the EC Data Protection Directive and Automated Profiling”, Privacy Law and Policy Reporter 40 (2000): Sect. 4.2, accessed 15 November 2014, http://folk.uio.no/lee/oldpage/articles/Minding_machine.pdf.
- 25.
European Commission Speech 09/156, Meglena Kuneva, “Roundtable on Online Data Collection, Targeting and Profiling”, (speech given at Roundtable on Online Data Collection, Targeting and Profiling, Brussels, March 31, 2009), accessed November 9, 2014, http://europa.eu/rapid/press-release_SPEECH-09-156_en.htm.
- 26.
Supra n. 15, p. 1418.
- 27.
Michael A. Froomkin, “The death of privacy?” Stanford Law Review (2000): 1470. See also Kang, supra n. 18, pp. 1260–1261.
- 28.
Tal Zarsky, “Mine your own business: making the case for the implications of the data mining of personal information in the forum of public opinion,” Yale JL & Tech. 5 (2002): 38–39.
- 29.
“The Web Cookie is dying. Here’s the creepier Technology that comes next,” Forbes, (2013), accessed November 9, 2014, http://www.forbes.com/sites/adamtanner/2013/06/17/the-web-cookie-is-dying-heres-the-creepier-technology-that-comes-next/.
- 30.
See Recital 24, ePrivacy Directive.
- 31.
Chris Jay Hoofnagle et al., “Behavioral Advertising: The Offer You Cannot Refuse,” 6 Harvard Law & Policy Review 273 (2012): 273, accessed November 25, 2014, SSRN: http://ssrn.com/abstract=2137601. See also “Javascript: Advantages and Disadvantages”, Jcscripters.com, accessed November 25, 2014, http://www.jscripters.com/javascript-advantages-and-disadvantages/.
- 32.
Hoofnagle et al., ibid at p. 281. For further discussion on existing tracking technologies, see Omer Tene and Jules Polonetsky, “To Track or ‘Do Not Track’: Advancing Transparency and Individual Control in Online Behavioral Advertising,” Minnesota Journal of Law, Science & Technology, 13.1 (2012): 14–19, accessed November 25, 2014, SSRN: http://ssrn.com/abstract=1920505.
- 33.
Article 29 Data Protection Working Party, “Opinion 9/2014 on the application of Directive 2002/58/EC to device fingerprinting” WP 224: 6, accessed November 25, 2014, http://ec.europa.eu/justice/data-protection/article-29/documfentation/opinion-recommendation/files/2014/wp224_en.pdf.
- 34.
Ibid.
- 35.
Ibid at p. 11.
- 36.
Article 29 Data Protection Working Party, “Opinion 1/2009 on the proposals amending Directive 2002/58/EC on privacy and electronic communications (e-Privacy Directive)” WP 159: 10, accessed November 2015, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2009/wp159_en.pdf: “…the chosen wording is not limited to the current issue of cookies, but implies any other new technology that could be used to track the users’ behaviour using their browser”.
- 37.
“How a new type of “evercookie” tracks you online,” The Economist, (2014), accessed November 25, 2014, http://www.economist.com/blogs/economist-explains/2014/08/economist-explains-3; Woody Leonhard, “Zombie cookies won’t die: Microsoft admits use, HTML5 looms as new vector,” InfoWorld, (2011), accessed November 25, 2014, http://www.infoworld.com/article/2620781/internet-privacy/-zombie-cookies--won-t-die--microsoft-admits-use--html5-looms-as-new-vector.html.
- 38.
See for example, “Cookies and Internet Advertising”, Amazon.co.uk, (2012), accessed November 25, 2014, http://www.amazon.co.uk/gp/help/customer/display.html?ie=UTF8&nodeId=201149560&ref_=gw_cookie_uk.
- 39.
Christine Riefa and Christiana Markou, “Online Marketing: Advertisers Know You are a Dog on the Internet,” in Savin, A., Trzaskowski, J. eds, Research Handbook on EU Internet Law (Denmark: Edward Elgar, 2014): 397. See also Julia Angwin, “The Web’s New Gold Mine: Your Secrets,” The Wall Street Journal, (2010), accessed November 15, 2014, http://online.wsj.com/articles/SB10001424052748703940904575395073512989404.
- 40.
Supra p. 1.
- 41.
“Research into consumer understanding and management of internet cookies and the potential impact of the EU Electronic Communications Framework,” Department for Culture, Media & Sport (DCMS) (2011): 24, accessed November 9, 2014, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/77641/PwC_Internet_Cookies_final.pdf.
- 42.
Ibid at p. 21.
- 43.
Ibid at p. 27.
- 44.
Edwards, supra n. 18, p. 239, emphasis added.
- 45.
Frederic Debusseré, “The EU E-Privacy Directive: A Monstrous Attempt to Starve the Cookie Monster?” Int’l JL & Info. Tech. 13 (2005): 91, referring to UK Information Commissioner, ‘Guidance to the Privacy and Electronic Communications (EC Directive) Regulations 2003—Part 2: Security, Confidentiality, Traffic and Location Data, Itemised Billing, CLI and Directories’ (2003), version 1, November 2003: 5, accessed November 9, 2014, http://gov.gg/ccm/cms-service/download/asset/?asset_id=36034.
- 46.
“Data Protection Good Practice Note, Collecting Personal Information using websites” (2007): 2–3, accessed November 9, 2014, http://webarchive.nationalarchives.gov.uk/20100402134332/, http://ico.gov.uk/upload/documents/library/data_protection/practical_application/collecting_personal_information_from_websites_v1.0.pdf.
- 47.
Article 29 Data Protection Working Party, “Opinion 1/2008 on data protection issues related to search engines” WP 148: 20, accessed 9 November 2014, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2008/wp148_en.pdf.
- 48.
Emphasis added.
- 49.
For a thorough analysis of the amended provision, see Eleni Kosta, “Peeking into the cookie jar: the European approach towards the regulation of cookies”, International Journal of Law and Information Technology 23(4) (2013): 380.
- 50.
Jessica Chambers, “Cookie law makes most UK websites illegal: what you need to know,” (2011), accessed November 9, 2014, http://blog.silktide.com/2011/05/cookie-law-makes-most-uk-websites-illegal-what-you-need-to-know/.
- 51.
Craig Buckler, “Why your site is now illegal in Europe,” Sitepoint, (2012), accessed November 9, 2014, http://www.sitepoint.com/europe-website-cookie-privacy-law/.
- 52.
Olivia Solon, “A simple guide to cookies and how to comply with EU cookie law,” wired.co.uk, (2012), accessed 9 November 2014, http://www.wired.co.uk/news/archive/2012-05/25/cookies-made-simple.
- 53.
Ibid.
- 54.
Article 29 Data Protection Working Party, “Opinion 2/2010 on online behavioral advertising” WP 171: 13–16, accessed November 9, 2014, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp171_en.pdf.
- 55.
Ibid at p. 16.
- 56.
Ibid at pp. 15–16, emphasis added.
- 57.
Article 29 Data Protection Working Party, “Opinion 15/2011 on the definition of consent” WP 187, accessed November 9, 2014, http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp187_en.pdf.
- 58.
By virtue of Article 2(f), ePrivacy Directive, this definition is applicable also in the context of the ePrivacy Directive and thus, in relation to the cookie rule.
- 59.
Ibid at p. 10.
- 60.
Ibid at p. 17.
- 61.
Ibid at pp. 18–19.
- 62.
Article 29 Data Protection Working Party, “Opinion 16/2011 EASA/IAB Best Practice Recommendation on Online Behavioural Advertising” WP 188, accessed November 9, 2014, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp188_en.pdf.
- 63.
Ibid at pp. 9–10.
- 64.
Ibid at p. 5.
- 65.
Article 29 Data Protection Working Party, “Opinion 4/2012 on Cookie Consent Exemption” WP 194, accessed November 9, 2014, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf.
- 66.
Ibid at p. 11.
- 67.
Ibid pp. 6, 9–10.
- 68.
Ibid at p. 6.
- 69.
“Changes to the rules on using cookies and similar technologies for storing information,” UK Information Commissioner’s Office (ICO), (2011): 6–7, accessed November 9, 2014, https://www.huntonprivacyblog.com/wp-content/files/2011/12/Initial-guidance.pdf.
- 70.
See for example, Google UK, http://www.google.co.uk and PriceGrabber UK, http://www.pricegrabber.co.uk.
- 71.
See, for example, Amazon UK, http://www.amazon.co.uk.
- 72.
It looks like this: “‘PriceRunner UK—Compare UK Prices and Find Deals Online Copyright © 1999–2014 PriceRunner|Terms & Conditions|Privacy Policy|Cookie Policy’”, PriceRunner UK, http://www.pricerunner.co.uk, accessed on November 15, 2014. See also, eBay UK, http://www.ebay.co.uk, accessed on November 15, 2014.
- 73.
Supra n. 47 and associated text.
- 74.
See supra at p. 9.
- 75.
Borgesius, supra n. 101, citing the Dutch Data Protection Authority Letter to the State Secretary of Education, Culture and Science, on answers to parliamentary questions about cookie policy, (2013), www.cbpweb.nl/downloads_med/med_20130205-cookies-npo.pdf, accessed on February 24, 2015 and Eleni Kosta, Consent in European Data Protection Law (PhD diss., University of Leuven, 2013): 256, 312.
- 76.
This is a right approach for two reasons. First, even if there are alternative service providers to which users could theoretically switch, transaction costs associated with such a switch may in some cases ‘force’ them to stay with the current provider, see Borgesius, supra n. 101, p. 33. Secondly, if all competing service providers employ the same (or a comparable) practice of gaining consent, the existence of competition and the consequent possibility of a switch does not obviously lead to user choice. Cohen made this argument in a slightly different context: “… to the extent that individuals need or want the goods or services and cannot obtain them elsewhere—to the extent, that is, that all vendors serving a given market believe collecting consumer data is a competitive necessity—one suspects that individuals may simply concede, and convince themselves that the loss of privacy associated with this particular transaction is not too great”; Julie E. Cohen, “Examined Lives: Informational Privacy and the Subject as Object,” Stanford Law Review 52 (2000): 1397, accessed November 9, 2014, http://scholarship.law.georgetown.edu/cgi/viewcontent.cgi?article=1819&context=facpub.
- 77.
Recital 25 of the e-Privacy Directive provides as follows: “… The methods for giving information, offering a right to refuse or requesting consent should be made as user-friendly as possible. Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose”.
- 78.
Article 29 Data Protection Working Party, “Opinion 02/2013 providing guidance on obtaining consent for cookies” WP 208: 5, accessed November 9, 2014 http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp208_en.pdf.
- 79.
Discussing whether the said approach amounts to valid consent under EU law, Kosta writes that “… the explicit reference on the conditionality of access in Recital 25 complicates the situation”, Kosta, supra n. 75, p. 321. See also DPWP, ibid.
- 80.
Ronald Leenes and Eleni Kosta, "Taming the cookie monster with Dutch law—A tale of regulatory failure," Computer Law & Security Review: The International Journal of Technology Law and Practice 31.1 (2015), doi:10.1016/j.clsr.2015.01.004.
- 81.
Kierkegaard, Sylvia Mercado, “How the cookies (almost) crumbled: Privacy & lobbyism,” Computer Law & Security Review: The International Journal of Technology Law and Practice 21.4 (2005): 310–322.
- 82.
Ibid at p. (emphasis added).
- 83.
Supra n. 25, emphasis added.
- 84.
Kathleen Hall, “EC cookie privacy laws threatens UK’s digital economy,” ComputerWeekly.com, (2011), accessed November 9, 2014, http://www.computerweekly.com/news/1280095377/EC-cookie-privacy-laws-threaten-UKs-digital-economy. See also, Mike Butcher, “Stupid EU cookie law will hand the advantage to the US, kill our startups stone dead,” techcrunch.com, accessed November 9, 2014, http://techcrunch.com/2011/03/09/stupid-eu-cookie-law-will-hand-the-advantage-to-the-us-kill-our-startups-stone-dead/.
- 85.
“The stupid EU cookies law (and why it should die)”, YouTube, accessed 9 November 2014, https://www.youtube.com/watch?v=9hLmX9FX2KA.
- 86.
Ibid.
- 87.
Milo Yiannopoulos, “Guest Opinion: The EU’s legal war on cookies is barking mad,” wired.co.uk, (2011), accessed November 9, 2014, http://www.wired.co.uk/news/archive/2011-05/11/cookies-regulations?p=2. See also Mike Butcher, supra n. 84.
- 88.
Leenes and Kosta, supra n. 80.
- 89.
Ibid.
- 90.
There is almost always at least one survey evincing a conflicting stance. For example, a study conducted by the Pricewaterhouse and commissioned by the UK Department for Media, Culture and Sport found that most respondents expressed preference towards the opt-in approach and this was so despite the fact that the said approach was described to them as requiring “…repeated pop-up windows or other virtual labels on every web page visited by a user where internet cookies are in use”; “Research into consumer understanding and management of internet cookies and the potential impact of the EU Electronic Communications Framework,” Department for Culture, Media & Sport (DCMS) (2011): 1,3, accessed November 9,2014, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/72837/PwC_DCMS_Internet_Cookies_Summary_and_Conclusions.pdf. To be fair however, many respondents admitted to possess limited a priori knowledge of cookies. Moreover, unlike Dutch users, UK users did not get to see what repeated pop-ups mean in practice.
- 91.
Ignacio Cofone, “The Way the Cookie Crumbles: Online Tracking Meets Behavioral Economics,” (2014): 12, accessed, February 27, 2015, SSRN: http://ssrn.com/abstract=2541215.
- 92.
Leenes and Kosta, supra n. 80.
- 93.
European Consumer Commissioner, supra n. 25. See also “Understanding the Personal Data Bargain”, InternetSociety, (2013), accessed November 9, 2014., http://www.internetsociety.org/blog/2013/02/understanding-personal-data-bargain explaining the online bargain involving free services in exchange of personal data, the latter being referred to as “info-currency”.
- 94.
Caroline Daniel and Maija Palmer, Google’s Goal: to Organize your Daily Life, FT.com, (2007), accessed November 9, 2014, http://www.ft.com/cms/s/2/c3e49548-088e-11dc-b11e-000b5df10621.html#axzz3HcfhNcV2.
- 95.
Letter, Subject: SB 761 (Lowenthal)—OPPOSITION, (2011), accessed November 9, 2014, http://regmedia.co.uk/2011/05/05/dnt_opposition_letter.pdf.
- 96.
See supra, p. 10.
- 97.
It would be interesting for computer scientists to compare this kind of re-programming with the one necessary to stop standard web logs from registering IP addresses and the URL of the requested content, which is part of how the Internet through the HTTP protocol works. Kang stated that the re-programming for the latter purpose would be overly burdensome, see Kang, supra n. 18, p. 1276, n. 328.
- 98.
Recital 25, e-Privacy Directive, supra n. 77.
- 99.
See DPWP, Article 29 Data Protection Working Party, supra n. 54 at p. 16; DPWP, Article 29 Data Protection Working Party, “Opinion 16/2011 EASA/IAB Best Practice Recommendation on Online Behavioural Advertising” WP 188: 10–11, accessed 9 November 2014, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp188_en.pdf; DPWP, Article 29 Data Protection Working Party, supra n. 65 at p. 6.
- 100.
Leenes and Kosta, supra n. 80 (referring to a survey conducted by the Dutch Consumer Union, http://www.consumentenbond.nl/test/elektronica-communicatie/).
- 101.
Zuiderveen Frederik J. Borgesius, “Consent to Behavioural Targeting in European Law—What are the Policy Implications of Insights from Behavioural Economics?”, Amsterdam Law School Research Paper 43 (2013): 24, accessed November 9, 2014, SSRN: http://ssrn.com/abstract=2300969 or 10.2139/ssrn.2300969.
- 102.
Ibid.
- 103.
Langheinrich et al., “Unintrusive Customization Techniques for Web Advertising,” Computer Networks: The International Journal of Computer and Telecommunications Networking 31 (1999): 1260.
- 104.
Internet Advertising Bureau, “Office of Fair Trading (OFT) Online Targeting of Advertising and Prices Market Study: Response by the Internet Advertising Bureau,” Internet Advertising Bureau, (2012): 3, accessed November 9, 2014, http://www.iabuk.net/sites/default/files/IABresponsetoOFTmarketstudyintoOnlineTargetingofAdvertisingandPrices_6012_0.pdf.
- 105.
See for example, “Contextual ad leader vibrant signs new premium publishers,” Vibrant, (2011), accessed November 9, 2014, http://www.vibrantmedia.com/press/press.asp?section=press_releases&id=182.
- 106.
See “What industries Contributed the Most to Google’s Earnings?” WordStream, accessed November 9, 2014, http://www.wordstream.com/articles/google-earnings.
- 107.
Langheinrich et al., supra n. 103, pp. 1260–1261.
- 108.
Supra n. 104.
- 109.
Jeff Chester, “Cookie wars: how new data profiling and targeting techniques threaten citizens and consumers in the “big data” era,” in European Data Protection: In Good Health? ed. Gutwirth S. et al. (Netherlands: Springer, 2012), 53–77.
- 110.
See infra at pp. 16–20.
- 111.
European Commission Speech 10/452, Neelie Kroes, “European Roundtable on the Benefits of Online Advertising for Consumers” (speech given at European Roundtable on the Benefits of Online Advertising for Consumers, Brussels, September 17, 2010), accessed November 15, 2014, http://europa.eu/rapid/press-release_SPEECH-10-452_en.htm?locale=FR.
- 112.
Ibid.
- 113.
Chester, supra n. 109, p. 70.
- 114.
Ibid.
- 115.
Joseph Turow et al., “Contrary to what marketers say, Americans reject tailored advertising and three activities that enable it,” (2009), accessed November 9, 2014, http://graphics8.nytimes.com/packages/pdf/business/20090929-Tailored_Advertising.pdf.
- 116.
Zuiderveen Frederik J. Borgesius, supra n. 101, pp. 8–10.
- 117.
Supra n. 111.
- 118.
Supra pp. 9–10.
- 119.
Communications Committee (European Commission—Information Society and Mediate Directorate General), ‘Working Document on the implementation of the revised Framework—Article 5(3) of the ePrivacy Directive’ COCOM10–34, Brussels, 20 October 2010: 6.
- 120.
Kosta, supra n. 49, p. 401.
- 121.
Adoption of the Proposal for a Directive of the European Parliament and of the Council amending Directives 2002/21/EC on a common regulatory framework for electronic communications networks and services, 2002/19/EC on access to, and interconnection of electronic communications networks and services, and 2002/20/EC on the authorisation of electronic communications networks and services (LA+S) (third reading)—Statements, 15864/09 ADD 1 REV 1 COR 1, http://register.consilium.europa.eu/doc/srv?l=EN&t=PDF&f=ST+15864+2009+ADD+1+REV+1+COR+1. See also Leenes and Kosta supra n. 80.
- 122.
N van Eijk, et al., “Online tracking: questioning the power of informed consent,” Emerald Group Publishing Limited 14.5 (2012): 59, accessed on April 16, 2014, http://dare.uva.nl/document/2/121980.
- 123.
“Governments ‘not ready’ for new European Privacy law”, BBC News Technology (2010), accessed November 9, 2014, http://www.bbc.com/news/technology-12677534.
- 124.
Chirstopher Graham, “ICO Blog: half term report on cookies compliance,” UK Information Commissioner’s Office (ICO), accessed November 9, 2014, http://ico.org.uk/news/blog/2011/half-term-report-on-cookies-compliance.
- 125.
See supra pp. 9–10.
- 126.
“Guidance on the rules on use of cookies and similar technologies”, UK Information Commissioner’s Office (ICO), (2012), accessed November 9, 2014, http://ico.org.uk/news/blog/2011/~/media/documents/library/Privacy_and_electronic/Practical_application/cookies_guidance_v3.pdf.
- 127.
Ibid, pp. 6–7, emphasis added.
- 128.
Anh Nguyen, “95 % of UK organisations ‘do not comply with EU cookie law,” Computerworld UK (2012), accessed November 9, 2014, http://www.computerworlduk.com/news/it-business/3350059/95-of-uk-organisations-do-not-comply-with-eu-cookie-law/.
- 129.
Supra n. 95, p. 23.
- 130.
Opinion 16/2011, supra n. 62, p. 6.
- 131.
“Cookies FAQs, May 2012—ICO”, YouTube, accessed 9 November 2014 https://www.youtube.com/watch?v=V0M8MYiGkQw.
- 132.
“The EU cookie law (e-Privacy Directive),” UK Information Commissioner’ s Office (ICO), accessed November 9, 2014, http://ico.org.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.
- 133.
Simon Gibbs, “The stupid cookie law is dead at last,” Libertarian Home (2013), accessed 9 November 2014, http://libertarianhome.co.uk/2013/01/the-stupid-cookie-law-is-dead-at-last/.
- 134.
“ICC UK Cookie guide,” International Chamber of Commerce (ICC) UK (2012): 13, accessed November 9, 2014, http://www.cookielaw.org/media/1096/icc_uk_cookiesguide_revnov.pdf.
- 135.
See also Riefa and Markou, supra n. 39, pp. 405–406.
- 136.
“Changes to cookies on our website,” UK Information Commissioner’s Office (ICO), (2013), accessed November 9, 2014, https://ico.org.uk/about-the-ico/news-and-events/current-topics/changes-to-cookies-on-our-website/.
- 137.
Ed Vaizey, “Open letter on the UK implementation of Article 5(3) of the e-Privacy Directive on cookies,” DCMS, (2011): 1, accessed February 27, 2015, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/77638/cookies_open_letter.pdf, emphasis added.
- 138.
Andrew McStay, “I consent: An analysis of the Cookie Directive and its implications for UK behavioral advertising,” New Media & Society 15.4 (2012): 596–611.
- 139.
Ibid at p. 609.
- 140.
Cofone, supra n. 91, p. 16.
- 141.
“Cookie ‘consent’ rule: EEA implementation,” Field Fisher Waterhouse, http://www.fieldfisher.com/pdf/cookie-consent-tracking-table.pdf. For another table of national implementations, see Cofone, supra n. 91, pp. 8–10.
- 142.
N van Eijk, et al., supra n. 122, p. 71.
- 143.
Article 29 Data Protection Working Party, supra n. 78.
- 144.
Ibid at p. 2.
- 145.
Ibid at p. 5.
- 146.
ibid at pp. 4–5, emphasis added.
- 147.
ibid at p. 5.
- 148.
Supra p. 9.
- 149.
Leenes and Kosta, supra n. 80, emphasis added.
- 150.
“Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies,” Garante, (2014), accessed February 27, 2015, http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/3167654.
- 151.
Pablo Rivas, “Spanish Data Protection Agency Releases Guidance on Cookies Regulation,” Hogan Lovells, (2013), accessed February 27, 2015, http://www.hldataprotection.com/2013/06/articles/consumer-privacy/the-spanish-data-protection-agency-finally-releases-its-guidance-on-cookies/.
- 152.
Eleanor Treharne-Jones, “European Cookie Sweep Initiative: Are you Compliant?” TRUSTe Blog, (2014), accessed November 9, 2014, http://www.truste.com/blog/2014/07/17/european-cookie-sweep-initiative-are-you-compliant/.
- 153.
“Cookie audits—are you ready?” TRUSTe and Fieldfisher, accessed November 10, 2014, http://webcasts.acc.com/handouts/Whitepaper-_EU_Cookie_Audits_Are_you_Ready.pdf.
- 154.
Ibid at p. 7.
- 155.
Nuria Pastor, “History in the making: the first ‘cookie rule’ fines in Europe,” Fielsfisher, (2014), accessed November 10, 2014, http://privacylawblog.fieldfisher.com/2014/history-in-the-making-the-first-cookie-rule-fines-in-europe; Cynthia O’ Donoghue, “Spain: First European Cookie Fine Issued by Spanish Data Protection Authority,” Mondaq, (2014), accessed November 10, 2014, http://www.mondaq.com/x/296196/Data+Protection+Privacy/First+European+Cookie+Fine+Issued+By+Spanish+Data+Protection+Authority and “Spain: AEPD issues first European cookie fine,” DataGuidance, (2014), accessed November 10, 2014, http://www.dataguidance.com/dataguidance_privacy_this_week.asp?id=2203.
- 156.
Leenes and Kosta, supra n. 80.
- 157.
Supra p. 20.
- 158.
See supra at p. 19.
- 159.
See supra at p. 21.
- 160.
See supra n. 126, p. 16.
- 161.
Borgesius, supra n. 101, pp. 29–37; Tene and Polonetsky, supra n. 32, pp. 39–54; Mantelero, Alessandro. "The future of consumer data protection in the EU Re-thinking the “notice and consent” paradigm in the new era of predictive analytics," Computer Law & Security Review 30.6 (2014): 643–660.
- 162.
Borgesius, supra n. 101, pp. 51–56.
- 163.
Tene and Polonetsky for example, call for “dimming the highlight on user choice while focusing on businesses’ obligations under the FIPs”, supra n. 32, p. 48. Obviously, this is a call to focus on other tools of protection as well rather than to abandon the ‘consent’ approach.
- 164.
Ryan M. Calo, “Against Notice Skepticism in Privacy (and Elsewhere),” Notre Dame Law Review 87(3) (2012): 1027, accessed 5 March 2015, https://cyberlaw.stanford.edu/files/publication/files/ssrn-id1790144.pdf.
- 165.
Tene and Polonetsky, supra n. 32, p. 41.
- 166.
Arguably, enforcement could in this case be somewhat improved as a result of the limited and hence, more manageable number of the addressees of the prohibition but then again as the recent official cookie sweep has found that more than half of third-party (advertising) cookies are set by just 25 advertising businesses, see Data Protection Working Party, supra n. 12, pp. 2, 15.
- 167.
Supra n. 31, p. 278.
- 168.
Tene and Polonetsky, supra n. 32, p. 38.
- 169.
McStay reports that based on the findings of a study they commissioned, the UK Department for Media, Culture and Sport has remarked that if an opt-in were implemented, nearly 50 % of Internet Users would not accept third party (advertising) cookies, supra n. 138, p. 607.
Bibliography
Angwin, Julia. 2010. The web’s new gold mine: Your secrets. The Wall Street Journal. http://online.wsj.com/articles/SB10001424052748703940904575395073512989404. Accessed 9 Nov 2014.
Article 29 Data Protection Working Party. 2015. Cookie sweep combined analysis. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2015/wp229_en.pdf. Accessed 13 Mar 2015.
Article 29 Data Protection Working Party. Opinion 02/2013 providing guidance on obtaining consent for cookies. WP 208. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp208_en.pdf. Αccessed 9 Nov 2014.
Article 29 Data Protection Working Party. Opinion 1/2008 on data protection issues related to search engines. WP 148. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2008/wp148_en.pdf. Αccessed 9 Nov 2014.
Article 29 Data Protection Working Party. Opinion 1/2009 on the proposals amending Directive 2002/58/EC on privacy and electronic communications (e-Privacy Directive). WP 159: 10. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2009/wp159_en.pdf. Αccessed 9 Nov 2014.
Article 29 Data Protection Working Party. Opinion 15/2011 on the definition of consent. WP 187. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp187_en.pdf. Αccessed 9 Nov 2014.
Article 29 Data Protection Working Party. Opinion 16/2011 EASA/IAB best practice recommendation on online behavioural advertising. WP 188. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2011/wp188_en.pdf. Αccessed 9 Nov 2014.
Article 29 Data Protection Working Party. Opinion 2/2010 on online behavioral advertising. WP 171. http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp171_en.pdf. Αccessed 9 Nov 2014.
Article 29 Data Protection Working Party. Opinion 4/2012 on cookie consent exemption. WP 194. http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf. Αccessed 9 Nov 2014.
Article 29 Data Protection Working Party. Opinion 9/2014 on the application of Directive 2002/58/EC to device fingerprinting. WP 224. http://ec.europa.eu/justice/data-protection/article-29/documfentation/opinion-recommendation/files/2014/wp224_en.pdf. Αccessed 25 Nov 2014.
BBC News Technology. 2010. Governments ‘not ready’ for new European Privacy law. http://www.bbc.com/news/technology-12677534. Accessed 9 Nov 2014.
Bernal, Paul Alexander. 2011. A right to delete. European Journal of Law and Technology 2.2. http://ejlt.org/article/view/75/144. Accessed 5 Mar 2015.
Borgesius, Zuiderveen Frederik J. 2013. Consent to behavioural targeting in European law—What are the policy implications of insights from behavioural economics? Amsterdam Law School Research Paper 43. SSRN: http://ssrn.com/abstract=2300969. Accessed 9 Nov 2014.
Buckler, Craig. 2012. Why your site in now illegal in Europe. Sitepoint. http://www.sitepoint.com/europe-website-cookie-privacy-law/. Αccessed 9 Nov 2014.
Butcher, Mike. Stupid EU cookie law will hand the advantage to the US, kill our startups stone dead. techcrunch.com, http://techcrunch.com/2011/03/09/stupid-eu-cookie-law-will-hand-the-advantage-to-the-us-kill-our-startups-stone-dead/. Αccessed 9 Nov 2014.
Bygrave, Lee. 2000. Minding the machine: Art15 of the EC data protection directive and automated profiling. Privacy Law and Policy Reporter 40: 67–76. http://folk.uio.no/lee/oldpage/articles/Minding_machine.pdf. Accessed 9 Nov 2014.
Calo, Ryan M. 2012. Against notice skepticism in privacy (and elsewhere). Notre Dame Law Review 87(3): 1027–1072.SSRN. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1790144. Accessed 10 Mar 2015.
Chambers, Jessica. 2011. Cookie law makes most UK websites illegal: What you need to know. http://blog.silktide.com/2011/05/cookie-law-makes-most-uk-websites-illegal-what-you-need-to-know/. Accessed 9 Nov 2014.
Chester, Jeff. 2012. Cookie wars: How new data profiling and targeting techniques threaten citizens and consumers in the “big data” era. in European Data Protection: In Good Health? ed. Gutwirth S. et al. 53–77. Netherlands: Springer.
Clarke, Roger. 1987. Information technology and dataveillance. Communications of the ACM 31.5: 498–512. http://www.rogerclarke.com/DV/CACM88.html. Accessed 9 Nov 2014.
Cofone, Ignacio. 2014. The way the cookie crumbles: Online tracking meets behavioral economics. Rotterdam Institute of Law and Economics (RILE), Working Paper Series, Paper No. 2014/14. SSRN: http://ssrn.com/abstract=2541215. Accessed 27 Feb 2015.
Cohen, Julie E. 2000. Examined lives: Informational privacy and the subject as object. Stanford Law Review 52: 1373–1437. http://scholarship.law.georgetown.edu/cgi/viewcontent.cgi?article=1819&context=facpub. Accessed 9 Nov 2014.
Communications Committee (European Commission—Information Society and Mediate Directorate General). 2010. Working document on the implementation of the revised Framework—Article 5(3) of the ePrivacy Directive. COCOM10–34, Brussels, 20 Oct 2010. http://itek.di.dk/SiteCollectionDocuments/Zire/Sikkerhedsnyhedsbrev/COCOM10-34%20Guidance%20Art%205%283%29%20eprivacy%20Dir.pdf. Accessed 20 Nov 2014.
ComputerWekkly. How to comply with EU cookie law. http://www.computerweekly.com/guides/How-to-comply-with-the-EU-cookie-law. Accessed 9 Nov 2014.
Cookies and Internet Advertising. 2012. Amazon.co.uk, http://www.amazon.co.uk/gp/help/customer/display.html?ie=UTF8&nodeId=201149560&ref_=gw_cookie_uk. Accessed 25 Nov 2014.
Cranor, Lorrie F. 2003. ‘I didn’t buy it for myself’: Privacy and ecommerce personalization. WPES, 111–117. http://lorrie.cranor.org/pubs/personalization-privacy.pdf. Accessed 9 Nov 2014.
Daniel, Caroline, and Palmer, Maija. 2007. Google’s goal: To organize your daily life. FT.com, http://www.ft.com/cms/s/2/c3e49548-088e-11dc-b11e-000b5df10621.html#axzz3HcfhNcV2. Accessed 9 Nov 2014.
Debusseré, Frederic. 2005. The EU E-privacy directive: A monstrous attempt to starve the cookie monster? 13(1): 70–97. International Journal of Law and Information Technology. http://gov.gg/ccm/cms-service/download/asset/?asset_id=36034. Accessed 9 Nov 2014.
Department for Culture, Media & Sport (DCMS). 2011a. Research into consumer understanding and management of internet cookies and the potential impact of the EU Electronic Communications Framework. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/77641/PwC_Internet_Cookies_final.pdf. Accessed 9 Nov 2014.
Department for Culture, Media & Sport (DCMS). 2011b. Research into consumer understanding and management of internet cookies and the potential impact of the EU Electronic Communications Framework. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/72837/PwC_DCMS_Internet_Cookies_Summary_and_Conclusions.pdf. Accessed 9 Nov 2014.
Edwards, Lilian. 2003. Consumer privacy, on-line business and the internet: Looking for privacy in all the wrong places. International Journal of Law and Information Technology 11(3): 226–250.
European Commission. 2009. Report on cross-border e-commerce in the EU. Commission Staff Working Document, SEC 283 final (2009). http://ec.europa.eu/consumers/archive/strategy/docs/com_staff_wp2009_en.pdf. Accessed 9 Nov 2014.
European Commission. 2009. Data collection, targeting and profiling of consumers for commercial purposes in the online environment. Background Paper.
Field Fisher Waterhouse. Cookie ‘consent’ rule: EEA implementation. http://www.fieldfisher.com/pdf/cookie-consent-tracking-table.pdf. Accessed 9 Nov 2014.
Forbes. 2013. The Web Cookie is dying. Here’s the creepier Technology that comes next. http://www.forbes.com/sites/adamtanner/2013/06/17/the-web-cookie-is-dying-heres-the-creepier-technology-that-comes-next/. Accessed 9 Nov 2014.
Froomkin, Michael A. 2000. The death of privacy? Stanford Law Review: 1461–1543. http://osaka.law.miami.edu/~froomkin/articles/privacy-deathof.pdf. Accessed 9 Nov 2014.
Gibbs, Simon. 2013. The stupid cookie law is dead at last. Libertarian Home. http://libertarianhome.co.uk/2013/01/the-stupid-cookie-law-is-dead-at-last/. Accessed 9 Nov 2014.
Google Inc. Welcome to DoubleClick. http://www.google.com/doubleclick/. Accessed 10 Nov 2014.
Graham, Chirstopher. ICO blog: Half term report on cookies compliance. UK Information Commissioner’s Office (ICO). http://ico.org.uk/news/blog/2011/half-term-report-on-cookies-compliance. Accessed 9 Nov 2014.
Hall, Kathleen. 2011. EC cookie privacy laws threatens UK’s digital economy. ComputerWeekly.com. http://www.computerweekly.com/news/1280095377/EC-cookie-privacy-laws-threaten-UKs-digital-economy. Accessed 9 Nov 2014.
Hildebrandt, Mireille. 2006. Profiling: From data to knowledge, the challenges of a crucial technology. Datenschutz und Datensicherheit 30: 549–552. http://www.fidis.net/fileadmin/fidis/publications/2006/DuD09_2006_548.pdf. Accessed 9 Nov 2014.
Hoofnagle, Chris Jay, et al. 2012. Behavioral advertising: The offer you cannot refuse. Harvard Law & Policy Review 6: 273–296. SSRN: http://scholarship.law.berkeley.edu/facpubs/2086. Accessed 25 Nov 2014.
ICC UK Cookie guide. 2012. International Chamber of Commerce (ICC) UK. http://www.cookielaw.org/media/1096/icc_uk_cookiesguide_revnov.pdf. Accessed 9 Nov 2014.
InternetSociety. 2013. Understanding the personal data bargain. http://www.internetsociety.org/blog/2013/02/understanding-personal-data-bargain. Accessed 9 Nov 2014.
Javascript: Advantages and disadvantages. Jcscripters.com. http://www.jscripters.com/javascript-advantages-and-disadvantages/. Accessed 25 Nov 2014.
Kang, Jerry. 1998. Information privacy in cyberspace transactions. Stanford Law Review: 1193–1294.
Kierkegaard, Mercado Sylvia. 2005. How the cookies (almost) crumbled: Privacy & lobbyism. Computer Law & Security Review 21(4): 310–322.
Kosta, Eleni. 2013. Peeking into the cookie jar: The European approach towards the regulation of cookies. International Journal of Law and Information Technology 23(4): 380–406.
Kosta, Eleni. 2013. Consent in European data protection law. PhD dissertation, University of Leuven.
Kroes, Neelie. 2010. European Commission Speech 10/452. European roundtable on the benefits of online advertising for consumers (speech given at European Roundtable on the Benefits of Online Advertising for Consumers, Brussels, September 17, 2010). http://europa.eu/rapid/press-release_SPEECH-10-452_en.htm?locale=FR. Accessed 15 Nov 2014.
Kuneva, Meglena. 2009. European Commission Speech 09/156. Roundtable on online data collection, targeting and profiling (speech given at roundtable on online data collection, targeting and profiling, Brussels, March 31, 2009). http://europa.eu/rapid/press-release_SPEECH-09-156_en.htm. Accessed 9 Nov 2014.
Langheinrich et al. 1999. Unintrusive customization techniques for web advertising. Computer Networks: The International Journal of Computer and Telecommunications Networking 31: 181–194. http://www.ra.ethz.ch/cdstore/www8/data/2159/pdf/pd1.pdf. Accessed 9 Nov 2014.
Lee, Phil P. 2011. The impact of cookie ‘consent’ on targeted adverts. Journal of Database Marketing & Customer Strategy Management 18(3): 205–209. http://www.palgrave-journals.com/dbm/journal/v18/n3/pdf/dbm201120a.pdf. Accessed 9 Nov 2014.
Letter. Subject: SB 761(Lowenthal)—OPPOSITION. (2011). http://regmedia.co.uk/2011/05/05/dnt_opposition_letter.pdf. Accessed 9 Nov 2014.
Lloyd, Ian J. 2000. Information technology law (3rd edn.). Butterworths.
Mantelero, Alessandro. 2014. The future of consumer data protection in the EU Re-thinking the “notice and consent” paradigm in the new era of predictive analytics. Computer Law & Security Review 30(6): 643–660.
McStay, Andrew. 2012. I consent: An analysis of the cookie directive and its implications for UK behavioral advertising. New Media & Society 15(4): 596–611.
Nguyen, Anh. 2012. 95 % of UK organisations ‘do not comply with EU cookie law. Computerworld UK. http://www.computerworlduk.com/news/it-business/3350059/95-of-uk-organisations-do-not-comply-with-eu-cookie-law/. Αccessed 9 November 2014.
Office of Fair Trading (OFT). 2014. Online targeting of advertising and prices market study. Internet Advertising Bureu. http://www.iabuk.net/sites/default/files/IABresponsetoOFTmarketstudyintoOnlineTargetingofAdvertisingandPrices_6012_0.pdf. Accessed 9 Nov 2014.
Ohm, Paul. 2009. The rise and fall of invasive ISP surveillance. University of Illinois Law Review: 41. SSRN: http://ssrn.com/abstract=1261344. Accessed 9 Nov 2014.
Riefa, Christine, and Markou, Christiana. 2014. Online marketing: Advertisers know you are a dog on the internet. In Research Handbook on EU Internet Law, eds. Savin, A., Trzaskowski, J. Denmark: Edward Elgar.
Ronald, Leenes, and Kosta Eleni. 2015. Taming the cookie monster with Dutch law—A tale of regulatory failure. Computer Law & Security Review: The International Journal of Technology Law and Practice. doi:10.1016/j.clsr.2015.01.004.
Solon, Olivia. 2012. A simple guide to cookies and how to comply with EU cookie law. wired.co.uk, http://www.wired.co.uk/news/archive/2012-05/25/cookies-made-simple. Accessed 9 Nov 2014.
Solove, Daniel J. 2001. Privacy and power: Computer databases and metaphors for information privacy. Stanford Law Review 53: 1393–1462. http://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2077&context=faculty_publications. Accessed 9 Nov 2014.
TRUSTe and Fieldfisher. Cookie audits—Are you ready? http://webcasts.acc.com/handouts/Whitepaper-_EU_Cookie_Audits_Are_you_Ready.pdf. Accessed 10 Nov 2014.
Taylor, Curtis R. 2004. Consumer privacy and the market for customer information. The RAND Journal of Economics 35(4): 631–650. http://www.jstor.org/discover/10.2307/1593765?sid=21105660558101&uid=3737848&uid=2&uid=4. Accessed 9 Nov 2014.
Tene, Omer, and Polonetsky, Jules. 2012. To track or ‘do not track’: Advancing transparency and individual control in online behavioral advertising. Minnesota Journal of Law, Science & Technology, 13(1). SSRN: http://ssrn.com/abstract=1920505 or 10.2139/ssrn.1920505. Accessed 15 Nov 2014.
The Economist. 2014. How a new type of “evercookie” tracks you online. http://www.economist.com/blogs/economist-explains/2014/08/economist-explains-3. Accessed 25 Nov 2014.
Treharne-Jones, Eleanor. 2014. European cookie sweep initiative: Are you compliant?” TRUSTe Blog. http://www.truste.com/blog/2014/07/17/european-cookie-sweep-initiative-are-you-compliant/. Accessed 9 Nov 2014.
Turow, Joseph, et al. 2009. Contrary to what marketers say, Americans reject tailored advertising and three activities that enable it. http://graphics8.nytimes.com/packages/pdf/business/20090929-Tailored_Advertising.pdf. Accessed 9 Nov 2014.
UK Information Commissioner’s Office (ICO). 2011. Changes to the rules on using cookies and similar technologies for storing information. https://www.huntonprivacyblog.com/wp-content/files/2011/12/Initial-guidance.pdf. Accessed 9 Nov 2014.
UK Information Commissioner’s Office (ICO). 2013. Changes to cookies on our website. https://ico.org.uk/about-the-ico/news-and-events/current-topics/changes-to-cookies-on-our-website/. Accessed 9 Nov 2014.
UK Information Commissioner’s Office (ICO). Data protection good practice note, collecting personal information using websites. http://webcache.googleusercontent.com/search?q=cache:93a44GXghAYJ:webarchive.nationalarchives.gov.uk/20100402134332, http://ico.gov.uk/upload/documents/library/data_protection/practical_application/collecting_personal_information_from_websites_v1.0.pdf+&cd=1&hl=en&ct=clnk&gl=cy. Accessed 9 Nov 2014.
UK Information Commissioner’s Office (ICO). 2012. Guidance on the rules on use of cookies and similar technologies. http://ico.org.uk/news/blog/2011/~/media/documents/library/Privacy_and_electronic/Practical_application/cookies_guidance_v3.pdf. Accessed 9 Nov 2014.
UK Information Commissioner’ s Office (ICO). 2014. The EU cookie law (e-Privacy Directive). http://ico.org.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies. Accessed 9 Nov 2014.
Vaizey, Ed. 2011. Open letter on the UK implementation of Article 5(3) of the e-Privacy Directive on cookies. Department of Culture, Media and Sport. https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/77638/cookies_open_letter.pdf. Accessed 9 Nov 2015.
van Eijk N, et al. 2012. Online tracking: Questioning the power of informed consent. Emerald Group Publishing Limited 14(5): 57–73. http://dare.uva.nl/document/2/121980. Accessed 14 Nov 2014.
Van Well, Lita and Royakkers, Lambèr. 2004. Ethical issues in web data mining. Ethics and Information Technology 6(2): 129–140. http://alexandria.tue.nl/repository/freearticles/612259.pdf. Accessed 9 Nov 2014.
Vibrant. 2011. Contextual ad leader vibrant signs new premium publishers. http://www.vibrantmedia.com/press/press.asp?section=press_releases&id=182. Accessed 9 Nov 2014.
Woody, Leonhard. 2011. Zombie cookies won’t die: Microsoft admits use, HTML5 looms as new vector.” InfoWorld. http://www.infoworld.com/article/2620781/internet-privacy/-zombie-cookies–won-t-die–microsoft-admits-use–html5-looms-as-new-vector.html. Accessed 25 Nov 2014.
WordStream. What industries contributed the most to Google’s earnings? http://www.wordstream.com/articles/google-earnings. Accessed 9 Nov 2014.
Yiannopoulos, Milo. 2011. Guest opinion: The EU’s legal war on cookies is barking mad.” wired.co.uk, http://www.wired.co.uk/news/archive/2011-05/11/cookies-regulations?p=2. Accessed 9 Nov 2014.
YouTube. 2012. Cookies FAQs. May 2012—ICO. https://www.youtube.com/watch?v=V0M8MYiGkQw. Accessed 9 Nov 2014.
YouTube. The stupid EU cookies law (and why it should die). https://www.youtube.com/watch?v=9hLmX9FX2KA. Accessed 9 Nov 2014.
YouTube. What is a cookie? https://www.youtube.com/watch?v=I01XMRo2ESg&feature=player_embedded. Accessed 14 Nov 2014.
Zarsky, Tal Z. 2002–2003. Mine your own business: making the case for the implications of the data mining of personal information in the forum of public opinion. Yale JL & Tech. 5: 1–56. http://yjolt.research.yale.edu/files/zarsky-5-YJOLT-1.pdf. Accessed 9 Nov 2014.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer Science+Business Media Dordrecht
About this chapter
Cite this chapter
Markou, C. (2016). Behavioural Advertising and the New ‘EU Cookie Law’ as a Victim of Business Resistance and a Lack of Official Determination. In: Gutwirth, S., Leenes, R., De Hert, P. (eds) Data Protection on the Move. Law, Governance and Technology Series(), vol 24. Springer, Dordrecht. https://doi.org/10.1007/978-94-017-7376-8_9
Download citation
DOI: https://doi.org/10.1007/978-94-017-7376-8_9
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-017-7375-1
Online ISBN: 978-94-017-7376-8
eBook Packages: Law and CriminologyLaw and Criminology (R0)