News


An influential group of EU regulators says that research and market analysis cookies are not exempt from a new EU law requiring informed consent for cookies, generating concern in the research sector.  

The group of regulators known as the Article 29 Working Party (Art29WP) brings together national data protection authorities from the 27 EU countries.

The Art29WP has issued an opinion stating that the use of cookies and similar technologies for market research and analysis falls within the definition of cookies necessary for operational purposes and as such require user consent. Operational purposes includes processes such as click fraud detection, ad affiliation, financial logging, frequency capping, product improvement and debugging, all of which would require consent for cookies to be set, according to the Art29WP.

In their view, none of these cookies can be considered to be related to a service or functionality explicitly requested by a user for which the recently adopted EU e-Privacy Directive does not require consent.

Therefore researchers must seek consent from the user having provided information about the cookies, in line with new EU requirements, although how users are required to express their consent varies between EU countries.

The Art29WP says that:  “first party analytics cookies are not likely to create a privacy risk when they are strictly limited to first party aggregated statistical purposes and when they are used by websites that already provide clear information about these cookies in their privacy policy as well as adequate safeguards”.

Such safeguards could include a mechanism to opt-out from data collection, and anonymisation mechanisms to anonymise any identifiable information such as IP addresses. In this case, first party refers to the website that the computer user is interacting with.

The Art29WP adds that while these cookies could be considered strictly necessary for website operators, they are not strictly necessary for users.

However, the Art29WP also states that third-party analytics systems using third-party cookies  present greater privacy risks since they collect information about a user’s cross-site web behavior. In these instances, third party refers to agents such as market research companies that conduct research or measure web traffic through the use of cookies.

This conclusion is of concern to the research sector as it fails to recognize the need for representative samples that are necessary for high quality research provided by independent research companies.

The Art29WP is trying to influence the ongoing global discussions that involve the W3C (Worldwide Web Consortium) which is developing technical Do-Not-Track standards for the Internet. This would allow users to express a choice about whether or not they wish to be tracked through their browser settings (which is also an option in the e-Privacy Directive).

The W3C group has difficulty in reconciling the complex and unclear EU ePrivacy Directive with US proposals which seek to control online targeted advertising but not market research. Some regulators are moving towards an even stricter position of Do Not Collect, meaning that no tracking should be conducted whatsoever, if a user has Do-Not-Track function turned ‘on’.  This would mean that research tracking for media measurement and such would be severely restricted. 

The full Opinion is available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinionrecommendation/index_en.htm#h2-1

For more details, contact public.affairs@esomar.org

 

Share |

Contact

For press releases, media enquiries, media partnerships and interview requests:

Erika Harriford-McLaren
Strategic and Corporate
Communications Manager
Phone: +31 (20) 664 2141
press@esomar.org