Sunday 15 April 2012

Cookie (Non)Compliance: Is the Commission getting concerned?

If I were a humble oik working for DG Justice in Brussels, I would propose that Commissioner Viviane Reding sent a stiff memo to her fellow European Commissioners and to all European Data Protection regulators, just like this:

Right you lot, listen in.

I’m writing this email myself, rather than having it drafted by one of my flunkies, to explain to you just how unhappy I am. And you’re going to be unhappy too, unless I see some positive action – and fast.

Many months ago, we delivered a perfectly decent package of reforms on telecommunications to our European citizens. One part of those reforms included a requirement for you all to get your fingers out and implement new cookie rules on your websites that were supposed to be in force from 25 May 2011.

I say “supposed to” – regrettably, many of those on this distribution list are backsliders who have been so slow to pull their fingers out that the Commission is turning itself into a laughing stock.

What’s the point of me working on data protection reforms, creating additional fundamental rights for European citzens, and then introducing legislation to ram them home when you lot can’t be bothered to implement the stuff that’s already on the European statute book? You’ve taken so long to pass these rights on to the citizens that European data controllers have realised that they’re entitled to some fundamental rights too. And, as you know, I’m determined not to allow them to exercise many of those rights. They get in the way of what our citizens “want”. And remember, come the next elections, its only “citizens” that will be voting. Not “data controllers”.

Don’t give me all this rubbish about it being the duty of Member States to implement legislation that the Commission has simply proposed. That won’t wash. We all know where the real power lies. And you’re going to be looking around for other jobs soon, unless you can demonstrate how effectively you can exert the powers you’ve actually got.

And, why are so many of you continuing to encourage your internet users to follow you on Facebook and Twitter just when I am trying to give these organisations a stiff kicking for not implementing effective privacy safeguards?

How on earth am I supposed to be taken as a serious candidate for the position of President of the Commission when you lot won’t deliver as you’re expected?

In a few weeks time, European institutions are going to be humiliated - again. The Eurovision Song Contest will show the world that many of our most entertaining singers are a bunch of tuneless wasters, with no dress sense and no future in the music industry. The following day, Europe will wake up to the first anniversary of – basically – insufficient action implementing the new cookie rules. I am turning into a figure of fun. People are going to stop sniggering behind my back, and instead they’ll be laughing in my face as I explain to them how keen I am to implement new data protection reforms before my current term in office expires.

So, I’m taking some action. You’ve had over a year, and now it’s my turn.

Today, I’m ordering UK Information Commissioner Christopher Graham to review the websites of each European Institution – including all Information Commissioners websites – and that of the European Data Protection Supervisor – and I want him to give each institution marks out of 10 for the current state of their compliance with the cookie rules. I’ve appointed Graham for the task as the ICO is the most senior regulator to have appeared to have got it close to being right.

To ensure that no-one cheats, I’m instructing Graham to take a copy of the current explanations as they appear on your own websites at 12 noon today.

I want Graham’s assessment, on my desk, by 5pm next Monday, so that I can review it while I’m having my hair done.

Those Commissioners who score less than 6 out of 10 will be required to pass to me, in their own handwriting, their punishment lines by Wednesday lunchtime. They will be expected to write “I will deliver fundamental rights to European Citizens, whether my organisation likes it or not” 10 times in each of the official languages of the 27 Member States of the European Community.

Any Commissioner who hands in lines containing spelling mistakes, or illegible writing, will be required to repeat their punishment and hand in their new lines by Friday lunchtime.

Once all Commissioners have delivered on the cookie requirements, I’ll instruct the Commission engineers to turn on the air conditioning in the rooms that will be used in Cyprus over the summer to reach unanimous agreement on my proposals for reforms to the current data protection rules.

You have been warned.

Now, get your fingers out, and start delivering.



Inspiration for this blog came from a chum who was concerned that Regulators sometimes found it hard to practice what they preach. He wondered if I had ever reviewed the privacy policies for the UK ICO and EU data protection sites. As far as he was concerned, the EC DG Justice and European Data Protection Supervisor’s sites seem not to be complete, especially on cookies. He considered that the UK ICO seems thorough enough on cookies. I must say that I am warming to the idea of a Citizen’s Panel to audit compliance with the rules they expect others to follow!