Information Commissioner criticises 'dreamed up' EU cookie directive

Policies concerning the use of personal data need to be based on thorough market research, according to Christopher Graham

The Information Commissioner Christopher Graham has questioned the effectiveness of the EU cookie directive, suggesting that it was "dreamed up by politicians in Brussels" without the appropriate market research to back it up.

Speaking at the launch of a new report called The Data Dialogue by think tank Demos, Graham said that policies around the use of personal data by companies and public sector organisations need to be evidence-based.

"More and more citizens and consumers are waking up to the implications of sharing personal data online," he said. "By fresh thinking that recognises where the consumer is coming from, we can develop policies that really work."

His criticism of the cookie directive, formally known as the EU e-Privacy Directive, was backed up by Jamie Bartlett, senior researcher at Demos and author of the report, who said that implementation of the law had "become far too onerous".

The directive requires anyone running a website to get explicit opt-in consent from their visitors before deploying cookies on their machines.

Meanwhile Ronan Dunne, chief executive of O2, said that presenting consumers with a pop-up window that gives them the option to opt in or out of data sharing is a "very blunt tool" to deal with an extremely nuanced issue.

The Data Dialogue report, which surveyed more than 5,000 people, revealed high levels of discomfort with sharing data. While 27% said they were comfortable with supermarket loyalty schemes, only 10% were comfortable with Gmail scanning email content for the purposes of targeted advertising.

However, the research found that attitudes towards sharing change when people are given more control in choosing what data is shared, and when the benefit of sharing that data is made clear to them.

Nearly three-quarters (73%) of consumers said they would be reassured if they were able to withdraw data on request, 70% if they could see what personal information was being held, and 66% if they had an online dashboard to control data.

"In order for the UK to realise the potential in the use of customer data, for the benefit of consumers themselves, there needs to be a certain level of trust established and a fair value exchange realised," said O2's Dunne.

"There needs to be a unified push on transparency. Otherwise there will always remain confusion and concern amongst the public about inconsistent practices and standards."

Georgina Nelson, privacy lawyer for consumer watchdog Which?, suggested that one solution could be to introduce standardised privacy policies that would allow customers to make like-for-like comparisons, without having to plough through reams of legal paperwork.

The organisation is planning to introduce a privacy seal in the first quarter of 2013, which companies will be able to display on their websites if they meet certain data protection criteria set by Which?, in collaboration with the Information Commissioner's Office.

However, Nelson admitted that there is a fine line between giving consumers the information they need to make informed decisions, and bombarding them with information that they will not bother to read. She said that a lot of work would be required to get the balance right.

Graham concluded that the most important thing was for companies to "treat their customers as grown-ups", and to recognise that economic prosperity and growth should not come at the expense of people's privacy.

Stories by Sophie Curtis
