The cost of online privacy
The European Commission is taking an increasingly interventionist approach towards internet regulation, particularly as regards individuals’ privacy rights. Earlier this week, the Commission announced that it was taking further steps to require the UK to fully implement EU laws on the interception of communications, while legislation currently working through the European parliament will require all websites using cookies to obtain express permission from users. These measures are particularly aimed at the restriction of “behavioural advertising” (also the subject of an OFT investigation).
In each case, the Commission claims (with some justification) to be acting in response to citizens’ concerns about their fundamental privacy rights. However, this may be a case where European citizens should have taken the old advice to “be careful what you wish for”.
It is unlikely that many people will shed tears over the fate of the Phorm “Webwise” system, which proposed to monitor web users’ activities in order to serve up advertisements matching their interests. The controversy over whether the system was legal under UK law led to the Commission’s investigation into the UK’s implementation of EU laws on the interception of communications, in particular the Regulation of Investigatory Powers Act 2000 (RIPA). The Commission has three complaints concerning RIPA:
- the lack of an “independent national authority to supervise interception of communications”;
- the permitting of interceptions where the interceptor has “reasonable grounds for believing” that consent to do so has been given, where EU rules require “freely given, specific and informed” consent;
- restriction of prohibitions and sanctions for unlawful interception only to “intentional” interception only, whereas the EU law requires member states to impose liability even for unintentional interception.
If UK law has to be tightened, especially on the second and third items, this will have a considerable impact on many businesses, not just those involved in online advertising.
The proposed new law on cookies could have an even bigger impact on online advertising and the surfing experience of European web users. Current EU law requires websites to offer visitors the “right to refuse” cookies. The UK has interpreted this quite broadly, with the Information Commissioner’s guidance (PDF) taking a pragmatic approach in which it was sufficient for companies to inform users in their privacy policies and leave it to individuals to block cookies using their browser settings.
The proposed change is intended to “clarify” the original law by requiring express consent from users before a website places a cookie on their computer. It has been suggested that this will mean websites have to show a pop-up to users entering the site, explaining what cookies are used (and for what purpose) and requesting consent. As many users hate pop-ups even more than they hate online advertisements, this is likely to have a significant adverse impact on many people’s web experience, and put EU-based websites at a disadvantage compared with their international competitors.
In addition, increased refusal of cookies will make online advertising more difficult and less profitable, which will increase the pressure on websites to charge users for accessing content. Again, one wonders whether many people would prefer the current trade-off between privacy rights and availability of “free” content over a web in which they encounter pop-ups and paywalls at every turn.
The Guardian’s recent supplement on the fortieth anniversary of the internet recalled an early (1994) description of the web as a place “where pornographers and Nazis walk freely, where criminals roam unchecked and where anarchy reigns”. These developments are another reminder of how far we have come from the Wild West days of the early, unregulated web. The web is now a highly-regulated environment: it remains to be seen whether it can retain its other benefits as the effects of this regulation become more apparent.