Friday, December 16, 2011

Can silent browser updates save us from the EU’s ePrivacy Directive?

English: Half a dozen home-made cookies. Ingre...
Image via Wikipedia
I’m not a fan of the EU’s ePrivacy Directive. It seems to have been penned by people who are out of touch with the internet. I also smell the faint whiff of anti-American sentiment. That’s a shame. As the anti-SOPA protestors remind us all; there’s a difference between one country and the global web.

Here in the UK we were schooled by the ICO that site owners "must try harder" on compliance. Come May 2012 they’ll start chasing and punishing website owners who fail to get explicit opt-in permission before dropping any non-essential cookies. To be clear; the authorities consider tracking and analytics to be non-essential.

This is a frustrating time. The UK authorities accept that browser settings could be used to control this opt-in process. This would be great news because it means not having to design sites with annoying but necessary permission seeking layers and would, hopefully, not lead to too much in the way of a decline in vital analytics data. Why is that frustrating? The same authorities say that browser settings are not yet sophisticated enough.

Browsers need to get better.

Chrome is great. Whenever there’s an improvement to Chrome that improvement silently rolls out to all Chrome users. This means if that Chrome puts whatever additional effort into the opt-in cookie settings is required to please the authorities that, in no small amount of time, Chrome users will have it.

Firefox isn’t a slacker either. Firefox introduced silent updates at the end of September this year. Mozilla’s browser is moving from a yearly update cycle to a series of rolling improvements every 6 weeks.

So, what about Internet Explorer? Actually, and somewhat surprisingly, good news on that front too. Microsoft has announced mass upgrades of IE that will be triggered automatically.

Okay, the Microsoft news has plenty of holes in it – these automatic upgrades are only triggered for people who’ve asked for automatic upgrades or who haven’t refused the latest IE before and they can be opted out of. But it’s a start.

In many ways it looks like silent updates can pave a road to ePrivacy Directive compliance.

There’s a final pit trap on this road to salvation, though. There’s no such thing as an “EU cookie law”. The ePrivacy Directive is a set of directions from Brussels that countries can interpret differently – and have already done so. In theory both Ireland and the Netherlands have already adopted the full recommendations whereas the UK is giving site owners to May next year.

Countries can go further than the EU directive too. In the Netherlands, for example, there are political forces trying to ensure all types of cookies receive separate and explicit agreement and that this agreement from the user is renewed/validated every year.

A fragmented set of privacy policies across Europe will certainly make it harder for browser settings to resolve the ePrivacy Directive headache.

blog comments powered by Disqus