ICO wants 'cookie law' amended
Law has 'not delivered', says watchdog
The European Commission (EC) should amend the so-called 'cookie law' that requires website owners to obtain users' consent before placing cookies on their devices, according to the Information Commissioner's Office (ICO).
The ICO made the case in a submission to the EC's consultation (PDF) on changes to the Privacy and Electronic Communications Directive, also known as the E-Privacy Directive.
"Requiring consent for the processing of personal data has not delivered the expected protection for individuals because some personal data must be processed in order for the consent mechanism to operate," said the ICO.
"In our view, the rules should also seek to achieve a proportionate balance between the legitimate interests of information society services and the privacy rights of individuals.
"There is a case for an exemption or an alternative basis for processing other than consent, particularly in cases where the privacy impact on the individual is minimal."
The consultation over the E-Privacy Directive, which is now more than a decade old but was amended in 2009, is intended to further update it to better complement the General Data Protection Regulation, which will become law across the EU in 2018.
Both are part of the Digital Single Market Strategy for Europe designed to provide a level playing field for online services across the EU.
The consultation appears to indicate that the EC is planning to tighten e-privacy laws with mandates requiring "privacy by default" settings on "terminal equipment".
The ICO warned that this may have unintended consequences by hampering the development of internet services that the Digital Single Market is supposed to aid.
"The definition of terminal equipment would need to be carefully defined as it could include connected cars, IoT devices and legacy equipment. Consideration also needs to be given as to whether all these devices are capable of delivering privacy choices," said the ICO.
"The impact on small startup companies would need to be carefully considered to avoid a disproportionate detrimental impact on innovation.
"Again, in our view, any rules in this area should seek to achieve a proportionate balance between the legitimate interests of businesses and the privacy rights of individuals, and not impose onerous and disruptive requirements in cases where privacy impact is minimal."
The consultation also indicated that the EC is considering compelling website operators to make their content available, even if users reject cookies, a measure that the ICO also opposes.
The UK is set to leave the EU after the Brexit vote, but companies in the UK will almost certainly have to adhere to EU data protection laws to trade with, or collect data on, EU citizens.
V3 Latest
First plant to grow on the Moon, err, dies
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite news and updates: Fortnite made $2.4bn in 2018, according to SuperData
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Japanese firm sends micro-satellites into space to deliver artificial meteor showers on demand
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago