Journalists always like to hammer the odd nail into the
European Commission’s data protection credibility coffin. This week, we learn
from a “Euroactiv Exclusive” the extent to which the European Commission is
ignoring the cookie requirements and is evidently tracking users of its
websites.
Journalists have discovered that “the European Commission’s
homepage sets cookies to store information on surveys – which are not essential
to the operation of its website – and technically they should warn about
keeping the data.” Also: “users browsing the Commission’s EURES homepage are
tracked by Google Analytics without warnings, in clear breach of the current
data protection rules.”
European Data Protection Supervisor Peter Hustinx is
evidently aware of the problem and his officials are currently preparing new
guidelines for the EU institutions about tracking and cookies on websites.
Quite why his officials have not managed to update their guidance before now is
not clear.
The direction of travel on cookies has been very clear since
November 2009, when an obscure MEP inserted the cookie rules into a
telecommunications package that was implemented in the UK by means of the
Privacy and Electronic Communications (EC Directive) (Amendment) Regulations
2011, [SI 2011 No 1208]. If the cookie rules were devised to deal with the
legacy of the great Phorn debacle, (and I won’t trouble readers with a learned explanation
on the merits of that initiative), then it means that a mighty sledgehammer was
created to crack a pretty small nut.
Leaving that aside, is 4 years enough notice for the
European Commission to implement its own rules?
Evidently not.
Still, if Dave Evans, the ICO’s former cookie captain has
any spare time on his hands as he leaves the ICO and joins Swiss Re as their
new Data Protection Officer, perhaps he might be available to explain to these
Commission bods what needs to be done to comply with European laws.
Does it really matter that the Commission's institutions can’t fully comply with
European laws?
In one sense, their failure to treat the cookie
requirements seriously sends a strong message to the data protection community.
If privacy officers need leadership on the cookie question, they had better not look in their
direction.
The trouble is, however, that these institutions
should not have the luxury of choosing which laws to implement. Yes, the cookie
laws are silly, so there’s not a lot of harm done by not implementing them.
But, if the Commission (and its associated institutions) can’t be bothered to fully implement the current
laws, then why should the Commissioners be accorded much credibility when they announce that the current Data Protection Directive needs urgent
overhaul and it is really important that there should be agreement on a new
legal instrument by 2014?
The more important task for Peter Hustinx is to
reassert his credibility among journalists as an effective regulator, when the
European institutions he is supposed to supervise treat issues like cookie
compliance with this degree of reverence.
Source:
.
Posts
