EU Ruling on Cookie Consent Needs to Be Replicated

The consent mechanisms revolving around making users accept terms and conditions to bung in cookies may have gotten tougher with the recent EU ruling

 

Each time we connect to the internet and use any of the applications, either through a browser or a smartphone, the chances are that we give away information that could potentially be bartered to advertisers or regressive governments and everyone else in between. The recent iOS update proved without doubt how unscrupulous app owners can get when it comes to tracking even something as innocuous as Bluetooth. 

Which is why the recent ruling by Europe’s top court that pre-checked consent boxes for dropping cookies on one’s browser would no more be valid. The court wanted websites to specifically obtain prior consent for storing and accessing non-essential cookies such as those used for tracking to deliver targeted advertising. The court ruled that consent could not be assumed or even implied. 

The question now is to understand how this would impact users as well as those who provide services over the Internet. For starters, websites would be forced to ask for consent before installing cookies, given that most were doing so surreptitiously in order to fetch revenues from targeted advertising. Now the choice rests with the user and not the service provider. 

The Court of Justice of the European Union (CJEU) made the latest call in a case related to a lottery website that had requested user consent to store cookies for allowing them to play a game. The court accepted the view that affirmative action wasn’t the same as simple inaction that necessarily constitutes user consent. So, asking in hushed tones won’t help! It should be loud and clear.  

The issue has been making headlines since research suggested that consumers, especially those in Europe, were facing widespread manipulation that was supposed to protect consumer rights. Ever since the data protection rules of 2018 came into being that stipulated fines for non-compliance, websites had popped up legal disclaimers and notices where inaction was taken as consent. 

A recent study conducted by academics in Germany and the United States suggested that not only were consumers facing confusion about how cookies function, they were also nudged and cajoled into accepting people’s privacy choices – something that amounted to influencing users without giving away all the relevant details. 

Details of the research published in TechCrunch.com in August suggested that if consent to drop cookies was being collected in a manner that was in consonance with the prescribed EU policies related to privacy, only a small fraction of customers would agree to get tracked. 

Now, if one were to juxtapose the same rules in a country like India, given its low levels of computer literacy and understanding of how privacy invasion online is both dangerous and unwarranted, most websites would find it tough to deliver targeted advertisements and may lose revenues heavily, given that a high majority of them seem to be operating without a plan-B on revenue generation. 

In tersely worded statement, the CJEU reiterated that consent required for dropping cookies would not be valid by merely having a pre-checked checkbox that the user needs to de-select in order to state her preference. It also made it clear whether such data accessed by cookies is personal or not does not impact the judgment. It said consent needs to be specific and websites also need to specify for how long the cookies would be operational as such approval cannot be treated in perpetuity.

What’s interesting is that till date only regulators from Europe seem to be giving unscrupulous data seekers something to worry about. Readers may recall that Google was amongst the first to be penalized under European laws that costed the company billions of dollars last year.

Whether European Union’s latest efforts result in widespread e-privacy reforms is within the realm of speculation at this juncture. But the fact remains that the move is a step in the right direction and countries that offer huge user volumes and substantial profits from targeted advertisements need to take note that citizens’ rights cannot be compromised at the altar of corporate greed. 

Is anyone listening in India’s deaf and mute consumer rights ecosystem? 


TAGS: Cookies, consumer rights, European Union, Consent