I just love this quote from Kimon Zorbas, the vice president of the Interactive Advertising Bureau Europe: “most Europeans were not troubled by behavioural advertising” and “Customer profiling is a basic to any business, not just online business”, then, in response to the opt-in clause in the EU cookie directive, “if that were to happen, I am afraid it would kill a significant part of the industry.” Read more at The New York Times.

Is it not more to do with re-thinking how they do this? Come on, these advertisers have been creative in coming up with the cookie thing, and have not even given the consumer a choice: they eat cookies whether they like it or not. Zorbas also said that those that didn’t want cookies “could simply block them through the industry’s Web site”.

Sure, and then we come to those zombie cookies; they are pretty creative. They never go away. I wrote a post on this not long ago.

I have nothing against cookies; after all, they are very convenient. What I am against is that I get them without being asked, and that I need to opt out. Opting out is not always so straightforward. There are some websites from which I definitely do not want cookies. There should be a button on the main page, right in front of you, that states in big letters OPT-IN. And when you have done that, it changes to OPT-OUT. Then you feel that you have some control. You, the customer, can choose who is tracking everything that you do online.

Stricter legal guidelines in the EU mean cookie providers need to ask your permission before handing out cookies. Clearly the US is not so happy about this 🙂

Read more here http://content.usatoday.com/communities/technologylive/post/2011/09/europe-taking-much-stricter-stance-on-do-not-track-rules/1.

David S. Misell asked me to share the privacy issues of HTML5, and I thought there was no better place to do this than in a post.

HTML5 is really about these zombie cookies, cookies that keep coming back from the dead, even after you’ve deleted them… scary or what?

According to Wikipedia, “Zombie cookies were first documented at UC Berkeley, where it was noticed that cookies kept coming back after they were deleted over and over again. This was cited as a serious privacy breach. If you delete a cookie, it should remain deleted. Since most users are barely aware of these storage methods, it’s unlikely that users will ever delete all of them. From the Berkeley report, “few websites disclose their use of Flash in privacy policies, and many companies using Flash are privacy certified by TRUSTe.”

Ringleader Digital made an effort to keep a persistent user ID even when the user deleted cookies and their HTML5 databases (RLDGUID). The only way to opt out of the tracking was to use the company’s opt-out link which gives no confirmation.”

To read more techie stuff on how this annoying cookie works, see the insightful article Ars Technica has written on this.

Ringleader Digital claims on its privacy page that it only collects “non-personally identifiable information, such as browser identifiers, session information, device type, carrier provider, IP addresses, unique device ID, carrier user ID and web sites visited.” Now the question is: what happens when you link this information together?

In the UK, for example, an IP address in isolation is not personal data under the Data Protection Act, according to the Information Commissioner. But an IP address can become personal data when combined with other information or when used to build a profile of an individual, even if that individual’s name is unknown.

And there is significant discussion on this around the world. In Seattle a federal judge ruled that an IP address is not personal information; in the EU, however, it is understood how easily an IP address can become an element of PII.

As to my personal opinion, it’s simple… I want visibility, i.e. if I delete a cookie on my PC or mobile device, I want it deleted. I don’t want a zombie. It could be that I like the convenience of having a cookie there, but I want the choice to delete, and when deleted I don’t want any zombies roaming around on my devices… my devices, yes, they are linked to my very person, and have become a part of my DNA.

The deadline for EU member states to implement the new cookie law is today! And not many member states are ready to eat their cookies yet! To date, Denmark and Estonia are the only states to have implemented the amended EU Privacy and Communications Directive, which gives Internet users more control of their data and requires any company with EU customers to comply. This requirement is a provision in an amendment to the E.U.’s Privacy and Electronic Communications Directive, which was adopted in 2009.

One claimed reason for the sluggish implementation of the directive is confusion around its intended purpose, as well as how best to implement it without destroying the businesses that rely on cookie placement to generate revenue, such as online advertising networks. The most visible change is the introduction of an “explicit consent” requirement. Read more at ClickZ.

So how can this be implemented? On a technical level it’s messy because it needs to be added on. It is not a built-in privacy function, so this will result in significant inconvenience for web users as websites seek explicit consent for cookie placement through pop-ups and other awkward mechanisms. If the privacy function for cookies… or maybe not cookies… were an integral function of our PC and of any web app we happen to be interacting with, perhaps it would be more of a loyalty card function (maybe even shaking hands, representing mutual consent), as used in the physical world for relationship marketing. The customer presents a card each time they approach the checkout. Hence, in exchange for sharing personal information, the customer should receive certain benefits, and clearly transparency about what is being collected…

Me just brainstorming to myself a little here 🙂

I’ve posted about this before, the thing on “cookie consent” in the new EU privacy law. Well, now some guidelines have been published by the Information Commissioner’s Office.

The simple advice is as follows:

We advise you to now take the following steps:
1. Check what type of cookies and similar technologies you use and how you use them.
2. Assess how intrusive your use of cookies is.
3. Decide what solution to obtain consent will be best in your circumstances.

The main difference in behaviour is that those using cookies to collect your behaviour data often used to give you the option to opt out by default; now, however, you must consent, i.e. opt in. This is now aligned with the general collection of personal data in the EU.

Nice development in Holland! A bill proposal that basically states a need to request permission before downloading a cookie onto your machine. There is more to it; read more here https://zoek.officielebekendmakingen.nl/kst-32549-3.pdf.

This is basically what the revised EU directive on data privacy demands.

I found a nice analysis of how the EU directive on data privacy has changed with reference to the loading of cookies on a user’s PC. Check this post out by Raul Mendez, it is nicely described.