The European Union and cookies…not exactly a love story

By Richard Arneson

To detail in a book the benefits that the digital age has delivered over the past twenty (20) would make Moby Dick look like a brochure. In a much, much smaller book would be a list of any negative ramifications, most of which would fall under the label Security. Here’s a third book: Annoyances. Sure, they’re far outweighed by the benefits, but they’ve afflicted everybody who’s turned on a computer, smartphone or tablet to access the Internet.

For years it was buffering, which left the user waiting and waiting―then grabbing coffee while waiting―as the small hour glass or spinning circle ostensibly meant your request was being processed. And how about the slow dial-up Internet connections, those noisy, awkward network handoffs, and the pop-ups, which are electronically akin to billboards randomly popping up in front of your car and bringing it to a grinding, screeching halt. We’ve got a new one—making the digital scene en masse is a new pop-up: The Cookie Consent Banner, brought to you by the (EU).

Cookies, those of the electronic variety, have been around for years, and for the most part went unnoticed. You’d set up your browser to accept, not accept, or confirm their download before proceeding, but once that decision had been established in the browser settings, they didn’t provide much of a speed bump in the road. Cookies are small files that are essentially lookup tables and hold simple data, such as the user’s name. If accepted, they can be accessed by both users’ computers or web servers, and provide a convenient way of carrying data from session to session without having to re-enter the information.

In the past couple of months, however, the subject of cookies has been revitalized. Click on certain websites and you’re suddenly face-to-face with a pop-up banner that alerts you to the fact that the site utilizes cookies. Yep, a speed bump.

Why is the cookie consent banner showing up all the sudden?

The European Union, which was established in 1993, was an attempt to buoy the competitiveness of twenty-eight (28) member countries. It eliminates trade and monetary borders between EU countries, making for an easier flow of goods and services. And, yes, they established the euro, which is, behind the U.S. dollar, the most commonly held form of currency in the world. But in 2002, they took on another pet project―cookies. They determined that Internet users’ privacy wasn’t being adequately protected and cookie disclosure wasn’t being communicated. Hence came the EU’s Cookie Law, which is officially known as the 2002 ePrivacy Directive (ePD). The Cookie Law, or ePD, was not really a law, but a set of goals. It was up to each of the EU members to draft and enforce their own legislation based on these goals―most didn’t. Enforcement was minimal, if at all. See toothless.

In 2011, the EU enacted the ePrivacy Regulation (ePR), which, as its name suggests, actually is legislation that can be enforced EU-wide. The ePR incorporated other elements, as well, such as marketing efforts related to email, faxes, texts and phone calls. Unless you were directly affected by it, the ePR flew well under the radar. That is until 2017 when the EU updated the ePR and selected May 2018 as its launch date to coincide with that of The General Data Protection Regulation (GDPR). While the GDPR is not technically a subset of the ePR, it is somewhat overlapped by the latter, but focuses solely on users’ personal data. The ePR is broader in scope and protects the integrity and confidentiality of communications and data even if it’s not of a personal nature.

The good news? The ePR has already stated that in 2019 they’re going to introduce simplified cookie rules and make cookie consent a more user-friendly experience. Simplified cookie rules? More user-friendly cookie consent? Yes, it sounds like the EU considers the cookie consent banner an annoyance, as well.

Questions? Turn to the Experts

GDT is a 22-year-old network and systems integrator that employs some of the most talented and tenured solutions architects and engineers in the industry. They design, build and deploy a wide array of solutions, including managed services, managed security services and professional services. They manage GDT’s 24x7x365 Network Operations Center (NOC) and Security Operations Center (SOC) and oversee the networks and network security for some of the most notable enterprises, service providers and government agencies in the world. You can contact them at SolutionsArchitects@gdt.com or at Engineering@gdt.com. They’d love to hear from you.