Europe’s data protection body has slapped down efforts by internet advertising companies such as Google, Yahoo and WPP to meet tough new privacy rules.
The Internet Advertising Bureau Europe has made its YourOnlineChoices.eu website a key plank of its members’ attempts to comply with the European Union’s e-privacy directive, which requires websites to gain consent for the collection of users’ data through cookies, which can then be used to target advertising based on browsing behaviour.
The Article 29 working party, a group of data protection officials from EU member states that advises the European Commission on online privacy, said on Wednesday that YourOnlineChoices “does not result in compliance with the current e-privacy directive” and misleads consumers.
“The working party stresses that the code and the website create the wrong presumption that it is possible to choose not to be tracked while surfing the web. This wrong presumption can be damaging to users, but also to the industry if they believe that by applying the code they meet the requirements of the directive.
The IAB said it would consider the group’s recommendations. Its website has aimed to provide a one-stop shop to consumers for “information about how behavioural advertising works, further information about cookies and the steps you can take to protect your privacy on the internet”.
Businesses supporting the scheme include technology companies such as Google, AOL, Yahoo and Microsoft, media agencies including WPP’s GroupM, and publishers such as Yell, the Daily Mail, the Guardian, the Telegraph and the Financial Times.
But Article 29 members said the internet advertising industry must step up its efforts to protect consumers’ personal data.
“The advertising industry needs to comply with the precise requirements of the e-privacy directive and the adopted opinion shows that many practical solutions are available to ensure a good level of compliance together with a good user experience,” the group wrote.
Monique Goyens, director-general of the European Consumers’ Organisation (BEUC), supported Article 29’s position, saying that the IAB’s self-regulatory code fails to hit acceptable standards and achieves the opposite of what it was supposed to do.
Kimon Zorbas, vice-president of IAB Europe, said that there had been a “misunderstanding” about the role of YourOnlineChoices, which he said was intended to provide just one part of its members’ overall compliance with the e-privacy directive.
“We provide a tool that is helpful, providing transparency and choice,” he said. “We have always had an open approach [to the Article 29 group].”
The directive was brought into UK law in May, but the British Information Commissioner’s Office has granted a 12-month grace period before the complex legislation is enforced. However, the ICO this week fired a warning shot to companies who had “decided that this is all too difficult” that it would “take the necessary steps to ensure that you do work towards compliance” if consumers complained about specific sites.
European privacy legislation is set to be overhauled next month when the European Commission unveils sweeping new rules on how companies retain customers’ private information.
Breaches of the rules will be punishable by a fine of up to 5 per cent of global turnover, according to leaked drafts of the text.
The Article 29 group, rebranded as the European Data Protection Board, would have its enforcement powers bolstered by the proposal, which will come into force by 2015 at the earliest.