Dutch cookie law may lead to online exodus

Web publishers have warned that a strict new internet privacy law set to be adopted in the Netherlands could cause them to shift some operations to other European countries.

The law, which the Dutch parliament is likely to approve on Wednesday, would force websites to ask users for specific permission before recording their personal data, or providing the data to third parties. It is part of a European Union-wide push to regulate user-tracking files known as “cookies”.

The move is provoking controversy because of an amendment, approved on Tuesday by opposition parliamentarians, which requires websites to be able to prove that users have approved the use of their data.

Website developers and online advertisers warn the amendment will create headaches for developers, and could force users to click more pop-up windows while navigating the internet.

And because it will make the Dutch law stricter than those in Britain or France, they say it may lead to Netherlands-based web publishers shifting some operations elsewhere in the European Union.

The amendment is “a very hard-to-explain deviation from the European directive, which doesn’t help anybody and makes it more complicated for both us and for the consumer,” said Michiel Buitelaar, head of development at Sanoma Netherlands, the country’s largest web publisher. “It’s really very disappointing.”

“We can’t have this sort of splendid isolation in the Netherlands,” said Afke Schaart, a member of parliament for the governing Liberal Party. “If something needs to be changed, it should be changed at the European level.”

Parliament members who backed the amendment denied that it was out of step with the European directive. “We are simply taking into account the privacy interests of the internet user,” said Kees Verhoeven of the left-liberal D66 party, which voted for the measure.

Cookies are small text files that websites save on internet users’ computers to record data about their browsing behaviour. Other websites can use cookie data for various purposes, such as sending personalised advertising.

The Dutch law implements a two-year-old EU internet privacy guideline, which member states were supposed to incorporate into their national legislation by May 25.

The Dutch government initially proposed that use of cookies be self-regulated by an existing industry standards board, the Advertising Code Commission. But parliamentarians found this arrangement too open to abuse, and an unlikely alliance of the far-right Party for Freedom of Geert Wilders and the leftwing opposition Labour Party proposed amendments requiring explicit user consent.

When lawyers and industry experts complained that the amendment failed to specify how often consent would be required or how it could be passed on to third parties, the measure was changed. It now explains that users should not “be asked to give permission every time a cookie is placed or read,” but that whoever collects user data must have the user’s permission to do so.

Industry experts say this direction is vague and will be difficult to implement. Neelie Kroes, the former Dutch transport minister and current European Commissioner for Digital Agenda, opposes the amendment.

But the amendment is now incorporated in revisions to the Telecommunications Law that are almost certain to be approved on Wednesday.

“We leave it up to the sector” to find a technical solution, said a D66 spokesman.

Copyright The Financial Times Limited 2017. All rights reserved. You may share using our article tools. Please don't cut articles from FT.com and redistribute by email or post to the web.