The European Union has had a lengthy discussion about the protection of personal data in connection with electronic communication services. The aim is to create a free flow of personal data within the European Union while ensuring that this data is protected - irrespective of the technology used.
The EU Parliament and Council have taken different standpoints regarding the use of cookies. 'Cookies' are data created on the receiver's computer when he or she visits a website. These so-called electronic traces can often be linked to an individual - the person using the computer - and contain information about the individual's actions and behaviour in different respects. The data often concerns relatively harmless circumstances, such as where a person seeks his or her information on the Internet, but may also concern sensitive information regarding the individual.
In November 2001 the EU Parliament decided that the use of cookies requires the user's consent (ie, an opt-in system), and that each member state may decide whether the recipient's consent is required for commercial communication via email. However, in December 2001 the council decided the opposite: cookies may be used unless the recipient has opposed this (ie, an opt-out system), while commercial communication by email requires the recipient's consent.
Currently, cookies can be freely used in Sweden. A committee has recently argued (SOU 2002:18) that the use of cookies and logging in general may be done as long as it is in accordance with the Personal Data Act. That is:
- the personal data collected must be adequate and relevant in relation to the purposes for which it is processed;
- the purposes must be specified, explicit and legitimate; and
- personal data may not be processed for purposes other than those for which it was collected.
Commercial communication by email may take place in Sweden unless the recipient has opted out. There are disagreements as to whether this is wise. Among others, the Swedish Consumer Agency has advocated that Sweden should apply the opt-in system. This is mainly because it is believed to be the only effective method of preventing unsolicited commercial communications. According to the agency, persons carrying on electronic business activities are unlikely to check and respect opt-out registers.
The tendency within the European Union concerning commercial email also seems to favour the opt-in system. The institutions are trying to reach a compromise over these issues.
Regardless of the result of the negotiations between the EU institutions, the psychological effects of the extensive discussions regarding the Personal Data Protection Directive, and now cookies and commercial communication via email, should not be underestimated. Customers are now likely to show a greater interest in the use of personal data as a result of the debate concerning these issues. This will in turn lead to an increasing awareness as regards consent to the use of personal data. In this way Europe may follow the US trend of 'permission marketing', that is that commercial announcements will only be communicated to recipients who actively want to receive them.
For further information on this topic please contact Agne Lindberg at Advokatfirman Delphi & Co by telephone (+46 8 677 54 00) or by fax (+46 8 20 18 84) or by email ([email protected]).