EU pushes ahead with cookie limits

The European Parliament on Tuesday voted to adopt an amendment to the draft directive on electronic data collection and privacy that would restrict the use of cookies.

If the vote is ratified, Web sites will have to explicitly ask people if they want to accept cookies--a move that the advertising industry says could be damaging to business.

Cookies are small pieces of code used mainly by commercial sites to track Web surfers. They are downloaded to browsers and can be used to recognize and authenticate people when they return to a Web site so they don't have to log in every time.

Companies that use such advertising technology on the Web typically place cookies on individuals' computers when an advertisement is delivered, giving the companies the ability to track consumer behavior online and gauge the effectiveness of an ad campaign or target marketing to consumer preferences. Web sites also use the markers to hold passwords and personal information for custom services such as Web-based e-mail.

But consumer advocates have long criticized the tags for their technical vulnerabilities and potential privacy problems in the event of a computer security breach. The mere fact that cookies can hold years of data about consumer travels on the Web is enough to raise the ire of privacy advocates. It was such concerns that led to the amendment to the draft directive on electronic data collection and privacy being tabled.

The run-up to the vote had triggered concern in Europe's Internet advertising community, with the Interactive Advertising Bureau warning that British companies could lose $269.6 million (187 million pounds) if the directive was ratified.

The IAB said it plans to lobby national governments in advance of the reading of the amendment by the council of ministers, which is expected in December. "We will carry on lobbying," said an IAB representative. "We hope experts in national governments may have better understanding of the role of cookies in supporting business."

The IAB disputes the privacy arguments, saying that legislation such as the Data Protection Act and the Human Rights Act already provide enough protection to individuals' privacy.

"The (Members of the European Parliament) said this is about data protection and privacy laws, but all a cookie does is store information about the computer," the representative said. "If you use cookies to find personal information, well, that is already illegal under existing laws."

The representative added that life without cookies would be incredibly irritating for Web users.

"You can already switch off cookies in your browser, but if you go to Amazon.com and set up your preferences but don't have cookies, you'll have to recreate your preferences every time you visit the site," the representative said.

Staff writer Matt Loney reported from London.