Legal Advisor to the Vice President
Justice, Fundamental Rights and Citizenship
I am currently writing a consultation paper in response to the BIS (Business, Innovation and Skills) paper published last week which lays out how the UK Government are planning to transpose the changes to 5(3) of the ePrivacy Directive regarding the use of tracking technologies such as cookies.
It seems there is still a lot of talk about Recital 66 and the use of browser controls as a consent mechanism – an option I have argued for the last year, simply will not work. I urge Commissioner Reding to address this issue in light of further research on this matter.
It seems that industry are still persisting in breaking the rules of consent by using more surreptitious methods of tracking or respawning traditional cookies using other technologies. There are currently ongoing lawsuits in the US for the use of Flash to respawn HTTP cookies and the use of HTML5 browser databases (a new type of local stored object which comes with the HTML5 standard) which cannot be deleted.
Furthermore, there was news last week in the New York Times that Internet Explorer’s P3P implementation is flawed and allows organisations to store 3rd party cookies even when a user has set the browser to refuse them – a flaw which was being exploited by some of the biggest technology corporations in the world.
Now today I find yet another technology being developed to prevent users from permanently removing tracking technologies from their devices – the technology is known as Evercookie and I quote the first item in their FAQ:
What is the point of evercookie?
Evercookie is designed to make persistent data just that, persistent. By storing the same data in several locations that a client can access, if any of the data is ever lost (for example, by clearing cookies), the data can be recovered and then reset and reused.
Simply think of it as cookies that just won’t go away.
Read more of their open letter on Privacy International.