---

Home Security

VNU Net: Cookies crumble under data protection legislation

By

By Lisa Kelly, VNU Net

Many UK ecommerce companies could soon be breaking the law by
illegally using technology that tracks website users’ personal
data.

On 1 March the updated Data Protection Act 1998 comes into
effect. This will enable individuals to take legal action against
those who process data about them without their active consent.

The latest data protection legislation makes cookie
technology – programmes downloaded from a website owner’s
computer to a user’s computer, allowing users subsequent site
accesses to be tracked – illegal unless it is
transparent.

Dai Davis, head of the IT Group at law firm Nabarro Nathanson,
said: “The Act will make this relatively little known but
potentially extensive use of personal data through cookie
technology illegal, unless it is made transparent to data subjects
what information has been collected and how it is likely to be
used.”

Davis said the change in the laws will place European businesses
at a competitive disadvantage to countries operating from outside
Europe, which do not have to comply with the new legislation, such
as the US where “data protection is anathema”.

“This is another case of the European Commission shooting
European companies in the foot and one which is potentially highly
damaging,” said Davis.

James Roper, chief executive of industry body the Interactive
Media Retail Group, said the legislation will damage UK
ecommerce.

“It will put us at a disadvantage to the US,” he said. “The
serious companies that we urgently need to engage in ecommerce
cannot break the law, so they will try to do it properly at a great
cost or management burden which could prevent them from making
steps into ecommerce.

“Demanding transparent use of cookies is like forcing Ford to
state how its carburettor works each time it sells a car. The
customer does not need to know.”

Transparent use of cookies, however, has its supporters. Helena
Sims, the Data Protection Registrar’s compliance manager, said the
1998 Act is no different to the 1984 Act in the respect that
“individuals should know who is collecting information about them,
for what purpose and any disclosures”.

“There is a transitional provision in the 1998 Act for companies
that have had a site using cookies to monitor use of the internet
before 24 October 1998. They will have until 24 October 2001 to
comply.”

Keith Mitchell, chairman of Internet hub the London Internet
Exchange, said: “Privacy protection in the US is inadequate. There
has been abusive cookie use and transparent use of cookies will
promote users confidence in ecommerce.”

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.