European Directive 2009/136/EC, which revises the e-Privacy Directive (2002/58/EC), was adopted in November 2009. One of the major changes to this Directive was that the processing of information via terminal equipment, such as cookies, can no longer be based on an “opt-out” regime (where the user can reset the default settings of his/her computer in order ensure that no cookies will remain on his/her computer), but rather an informed consent of the user should be obtained.
The Article 29 Working Party has voiced a number of concerns with regard to data protection compliance as laid down in the Code. EASA and IAB have stated that the Code is intended to create a level playing field and was not aimed to achieve compliance with the revised e-Privacy Directive. Consequently, the Article 29 Working Party has decided to adopt an opinion containing a specific analysis of the extent to which the Code complies with the e-Privacy Directive.
The Working Party’s main concern is that data subjects are given the wrong impression that it will be possible to choose not to be tracked when visiting websites. Furthermore, an information icon referring to information on the Website is used when cookies are placed on a website. Both the icon and the Website do not provide accurate and easily understandable information about the different advertising networks that are involved in the processing of the personal data, nor the purposes for the data processing.
More importantly, the fact that a user of a website needs to go to the Website in order to choose that he will not be tracked boils down to an opt-out regime, whereas the e-Privacy Directive requires the user’s informed consent. At the same time, the “opt-out” cookie used on the Website does not make it possible to delete previously installed cookies and, at the same time, the “opt-out” choice is being tracked by the website itself. Finally, the Article 29 Working Party comments in its opinion on the use of sensitive data, the lack of provisions regarding the retention periods of the personal data of the users as well as the compliance procedures mentioned in the opinion.
The Working Party concludes that it does not question the economic benefits of behavioural advertising, but that the user’s rights to privacy and data protection must be respected. The Code, in combination with the Website, do not result in compliance with the current e-Privacy Directive. (FVDJ)