Since the European Union adopted changes to the E-Privacy Directive in November 2009, there has been uncertainty about the future of Internet services based on cookies in the EU. The major concern of Internet service providers relating to the use of cookies is Article 5(3) of the amended Directive, which sets a requirement for prior consent of users. Currently, the use of cookies is permitted in Finland provided that the user is appropriately informed of it.

On the other hand, the amended E-Privacy Directive has raised debate over whether its implementation in member states will have any impact on the Internet services business, since the Directive leaves much room for interpretation by national legislators. There seems to be the possibility to mitigate or even evade the requirement of the user’s prior consent. Recital 66 of the Directive states that the user’s consent may be received through browser settings. As default settings of major browsers generally allow cookies, this standpoint would make the Directive’s impact on business quite minor.

In Finland, a standpoint similar to Recital 66 seems to have been taken in the draft government proposal. The proposed text version of the Law on Privacy in E-Communication (Sähköisen viestinnän tietosuojalaki) sets forth the requirement for the user’s consent for the use of cookies by Internet service providers. However, the draft governmental proposal provides that consent can be received through browser settings, since Internet services should be user-friendly. Thus, the user-friendliness of Internet services seems to have triumphed over the privacy arguments that lied behind the E-Privacy Directive amendment.

Finland was one of the few member states who implemented the changes to the E-Privacy Directive within the required schedule, i.e. by 25 May 2011. The Finnish Parliament approved the changes in accordance with the draft governmental proposal. The current law requires the user’s consent for the use of cookies, and such consent can be obtained through browser settings. This presumes that the browser settings are user-friendly, and that consent can be validly given just by changing the settings.