The previously discussed Dutch legislation on cookies resulted in an avalanche of criticism from both computer experts and marketing specialists. However, is it really that bad? It seems that tracking citizens has become customary to the extent that citizens regard having to give their consent as a nuisance, instead of the fact that most websites insist on placing cookies. If there is to be any identity protection when browsing the web, a certain amount of force towards digital advertisers is unavoidable.

First of all, lets get two things straight.The discussed legislation forbids placing any sort of tag and reading out any sort of information that is not functional to the service provided. In other words, using the other methods employed by the famous Evercookie of Samy Kamkar is not legal either. What is to be deemed functional can be up for debate, but tracking for marketing purposes is not and authentication cookies are. Applications like website analytics that do not track individuals are under discussion.

Secondly, since the legislation on cookies came into force, a lot of websites currently mention placing cookies, but still do not ask for consent. Those websites do not comply with the legislation: if they place merely functional cookies they do not have to state anything, if they place non-functional cookies they have to ask explicit consent. Those websites probably expect not to get a fine quickly and are willing to take the risk.

Enforcement: Do We Really Have To Bow For Large Companies?
When the legislation on cookies came into force, some columnist thought it was quite funny to imagine the Dutch authorities calling a large Internet service to require their compliance. Although the idea of a member of parliament in this situation is, indeed, a bit humorous, it is no argument at all. If we deem our government to small to do anything about the movements of multinationals, we can give up any form of regulation or legislation that does not please the large industrial companies.

Of course, enforcement is hard in some cases, which can make it or the regulation leading to it unwanted. Nevertheless, that does not mean that ideals have to be given up at the first opposition. Imagine the existence of a large criminal organisation in your home town resulting in the police saying: they are too large and powerful, let them have it their way!

Apparently, Citizens Regard Tracking As Normal
Most interestingly, the discussion on regulating cookies shed a light on the fact that most citizens regard the tracking of their every move as normal. On the other side, marketing companies think that they can only provide their services when they know almost every movement of the visitors of the websites they work for. In this case, the latter can partially be ignored: of course their work is easier when they know more, but so was the life of the owners of industrial companies before unions were allowed.

The fact that citizens are such accustomed to being tracked that any asking for consent or even a notification of the placement of cookies is regarded as a great nuisance. It was already known that extra payments for privacy were unwanted, but even free protection seems to be a problem. From this perspective, giving force to Mozilla’s Do-Not-Track seems to be the only solution that is usable enough, although it does not allow for a per-website decision.

Are Other Solutions So Much Better?
The most interesting question to be asked is whether other solutions are that much better. There exist a lot of privacy enhancing technologies, of which a lot are concerned with profiling. However, a lot of them are written from a scientific perspective that makes them sound. However, they also require companies to make a large investment without much direct reward – given that the other option is continuing life as usual. From that perspective, a crude enforcement to ask for consent by the government forces a technological cheap method at least, but leaves room for those elaborate technologies to be implemented for the sake of usability and functionality.

Another popular technique in debates is reverse profiling. Basically, the user itself collects his personal data and decides per site how much is given to this website. From the viewpoint of the user, I cannot understand why you would want the hassle of profiling yourself, if your best option out of privacy concerns would be no profiling at all. When money is involved as incentive in such a solution, it is even worse.

I do like the mentioned idea of Do-Not-Track, where a visitor’s browser simply states that its user does not want to be tracked. The only two problems I can imagine with this solution are that it effects all websites, which is a rather crude control, and that it is not really popular or enforced. Of those, the latter can be solved by legislation and press statements.

Is The Cookie Legislation Really That Bad?
I would say that the cookie legislation is a step in the right direction. Users gain more control over their identity. However, in practice, not all intended goals are reached as easily as expected. This does not necessarily mean the legislation as a whole was a bad idea, but merely that we need to continue looking for better solutions.

One Response to Forbidding Cookies: Is It Such a Bad Idea?

  1. Ingrid says:

    Nice article, but consider this. Often it is implemented as a zero sum game, you either get every thing or nothing and there is nothing in between (example fok.n)

    Hopefully in the future I get full control on my digital identity and do other websites accept it that they may use my name but are not allowed to learn that I only click on the news articles involving sex or poletics.

Leave a Reply

Your email address will not be published. Required fields are marked *