Apple joins wide array of tech companies in fight to kill EU's 'Cookie Law'

Posted:
in General Discussion edited July 2016
Apple and a cadre of other tech companies are fighting the European Union's so-called "Cookie Law," lobbying the organization for more refined laws that aim to strike a balance between user privacy and data collected by providers.




The filing, submitted just hours before a July 5 public comment deadline, states that a similar law, the General Data Protection Regulation (GDPR), should be the framework for "a comprehensive set of horizontal rules ensuring high levels of data protection" for citizens of the EU. The parties would prefer the GDPR over expansion of the widely criticized ePrivacy Directive.

"We believe that simplifying and streamlining regulation will benefit consumers by ensuring they are provided with a simple, consistent, and meaningful set of rules designed to protect their personal data," the industry group said http://www.gsma.com/newsroom/press-release/empowering-trust-innovation-repealing-e-privacy-directive/">in its statement. "At the same time, it will encourage innovation across the digital value chain and drive new growth and social opportunities. This is critical at a time when digital companies are striving to launch new innovative services and working to build a 5G Europe."

The ePrivacy Directive, effective May 26, 2012, is an attempt to regulate a number of internet-specific issues, including confidentiality of user information, how data is handled and retained by providers, spam regulation, and browser cookie implementation under one law. Many of the provisions in the ePrivacy Directive overlap other EU laws and policies, such as the GDPR.

The public comment period on the ePrivacy Directive was querying respondents to see if widening the law to voice-over-IP, and social media networking was appropriate. The disseminated questions about the law also asked about if there should be updated legislation on personal data breaches, location data, and further protections on privacy of various communication methods on the Internet.

The industry group is seeking as yet unspecified "appropriate legal instruments" rather than continuation of the wide-reaching ePrivacy Directive.

The coalition includes Apple, Amazon, BT, Blackberry, Dropbox, eBay, Facebook, Fastnet, Foursquare, Google, Huawei, LinkedIn, Microsoft, Netflix, Orange, Paypal, T-Mobile, TalkTalk, Telefonica, Three, and Vodafone.
«1

Comments

  • Reply 1 of 29
    irelandireland Posts: 17,798member
    The cookie thing is a pain in the butt.
    monstrosityjackansilatifbp
  • Reply 2 of 29
    croprcropr Posts: 1,129member
    ireland said:
    The cookie thing is a pain in the butt.
    Well I think it needs to be  there.  Facebook is using tracking cookies even for users who don't have a Facebook account.  It one is really concerned about privacy, the end-user must be informed that a website is using cookies to track his movements of the web.

    Normally Apple claims to respect the privacy of the user, but here Apple takes an opposite position, which I don't understand.
    jackansi[Deleted User]
  • Reply 3 of 29
    Apple fighting the good fight against tracking cookies.  Once again differentiating themselves from greedy companies like Google who want all the private data they can get.
    lkruppjbdragonmagman1979baconstanglordjohnwhorfin
  • Reply 4 of 29
    VisualSeedVisualSeed Posts: 217member
    cropr said:
    ireland said:
    The cookie thing is a pain in the butt.
    Well I think it needs to be  there.  Facebook is using tracking cookies even for users who don't have a Facebook account.  It one is really concerned about privacy, the end-user must be informed that a website is using cookies to track his movements of the web.

    Normally Apple claims to respect the privacy of the user, but here Apple takes an opposite position, which I don't understand.
    Apple is not advocating abandonment of the privacy goals of the law. They are asking for the law to be simplified so it can more easily, and reliability, implemented which means better and consistent enforcement. Currently there is a lot of overlap between multiple governing bodies with conflicting regulations. A lot of times regulators come up with solutions to problems that ignore market realities or the abilities or limitations of technology. 
    jbdragonmagman1979baconstanglordjohnwhorfinlatifbp
  • Reply 5 of 29
    cropr said:
    ireland said:
    The cookie thing is a pain in the butt.
    Well I think it needs to be  there.  Facebook is using tracking cookies even for users who don't have a Facebook account.  It one is really concerned about privacy, the end-user must be informed that a website is using cookies to track his movements of the web.

    Normally Apple claims to respect the privacy of the user, but here Apple takes an opposite position, which I don't understand.
    I hate tracking too, but the law needs to go. Except for some annoyance for users and a bit more for website operators it accomplishes nothing. After reading the warning, agreeing or disagreeing, the user is just as informed as without the warning. It is stupid and pointless.
    edited July 2016 monstrositylordjohnwhorfinlatifbp
  • Reply 6 of 29
    rotateleftbyterotateleftbyte Posts: 1,630member
    hate tracking too, but the law needs to go. Except for some annoyance for users and a bit more for website operators it accomplishes nothing. After reading the warning, agreeing or disagreeing, the user is just as informed as without the warning. It is stupid and pointless.
    But the likes of Google and Facebook won't be satisfied with this. They want everything and more about everyone on this planet.
    sorry, there are some of us who have a brain and know where this is going. Welcom to the Borg. I opt out thank you.
    Why?
      I had my identity stolen in 2009. Took me years to get things sorted out.
    If you support this action then all I can say is, I hope you get your ID stolen and you enjoy the grief it will bring you.
    Google and FB are part of this stripping away of individual identities and freedoms. This I do not want.
    jackansiapple2c
  • Reply 7 of 29
    thewhitefalconthewhitefalcon Posts: 4,453member
    And yet people are confused why the Brits wanted out of the EU. 
    elijahgstevehlatifbp
  • Reply 8 of 29
    hate tracking too, but the law needs to go. Except for some annoyance for users and a bit more for website operators it accomplishes nothing. After reading the warning, agreeing or disagreeing, the user is just as informed as without the warning. It is stupid and pointless.
    But the likes of Google and Facebook won't be satisfied with this. They want everything and more about everyone on this planet.
    sorry, there are some of us who have a brain and know where this is going. Welcom to the Borg. I opt out thank you.
    Why?
      I had my identity stolen in 2009. Took me years to get things sorted out.
    If you support this action then all I can say is, I hope you get your ID stolen and you enjoy the grief it will bring you.
    Google and FB are part of this stripping away of individual identities and freedoms. This I do not want.
    And keeping the law will do nothing at all to stop where this is going or help you opt out. What could conceivably work a bit is make certain kinds of tracking illegal. But legislators are utterly clueless, and will depend on the industry to tell them what's what. So we're out of luck.
    edited July 2016
  • Reply 9 of 29
    incloudincloud Posts: 1member
    The cookie banners we see now are attempts to avoid the law not comply with it. The e-Privacy Directive (there has never been an "EU cookie law") simply required that users give their consent to intrusive access to their "terminal equipment" i.e. their devices or browsers. This is a simple requirement meant to give people a choice on whether tracking cookies, malware etc. are installed in their devices. The UK's ICO validated the idea of "implied consent", after it was dreamed up by the corporate lobbyists (almost 10 years ago) trying to defuse the legislation. Although the original ICO guidance said that sites should offer the ability to revoke consent, and tracking cookies especially not stored until after information on their use was explained, the bulk of website did the barest minimum and just installed these annoying banners that offer users no choice whatsoever. The same corporate lobbyists and companies then did their best to scupper the US Whitehouse supported Do Not Track initiative (although some of us persevered and it is happily now complete). The enormous popularity of AdBlockers shows that there was a need for this legislation. Although they do offer some respite from the onslaught of tracking and invisible personal data collection, ultimately they cannot be the answer because only a minority gets round to using them, they do not work in apps, and few mobile browsers support them. In addition tracking companies can circumvent them. The ePrivacy Directive is now being reviewed and sensible amendments have been suggested. It should not be "abolished", that is definitely not in the interest of people's privacy and other fundamental rights, nor ultimately in the interest of business. If a tiny fraction of the money and attention that companies invested in lawyers and lobbyists try and defy the law had been spent seriously implementing the Do Not Track recommendation or complying with ePrivacy, we would have not needed to embrace AdBlockers so enthusiastically and much of the trust in online commerce would not have been lost.
    lordjohnwhorfinjackansielijahg
  • Reply 10 of 29
    monstrositymonstrosity Posts: 2,234member
    cropr said:
    Well I think it needs to be  there.  Facebook is using tracking cookies even for users who don't have a Facebook account.  It one is really concerned about privacy, the end-user must be informed that a website is using cookies to track his movements of the web.

    Normally Apple claims to respect the privacy of the user, but here Apple takes an opposite position, which I don't understand.
    I hate tracking too, but the law needs to go. Except for some annoyance for users and a bit more for website operators it accomplishes nothing. After reading the warning, agreeing or disagreeing, the user is just as informed as without the warning. It is stupid and pointless.
    Like every other EU legislation. Achieves nothing but annoyance,
    elijahgnetroxthewhitefalconlatifbp
  • Reply 11 of 29
    I hate tracking too, but the law needs to go. Except for some annoyance for users and a bit more for website operators it accomplishes nothing. After reading the warning, agreeing or disagreeing, the user is just as informed as without the warning. It is stupid and pointless.
    Like every other EU legislation. Achieves nothing but annoyance,
    Nah. The single currency and free trade, for example, eliminate a lot of annoyance. I had to ship something to Norway last week, more hassle than shipping shipping inside the EU. I remember needing to change money when going on vacation, happy to be rid of that nonsense. Also national legislators are perfectly capable of souvereignly thinking up idiotic laws on their own. The "cookie law" is the result legislators needing to be seen as doing something to solve problems. Anything. If nothing smart is possible then it will just have to be something stupid. The EU is not the only legislator with that problem.




    edited July 2016
  • Reply 12 of 29
    MarvinMarvin Posts: 15,354moderator
    cropr said:
    ireland said:
    The cookie thing is a pain in the butt.
    Well I think it needs to be  there.  Facebook is using tracking cookies even for users who don't have a Facebook account.  It one is really concerned about privacy, the end-user must be informed that a website is using cookies to track his movements of the web.

    Normally Apple claims to respect the privacy of the user, but here Apple takes an opposite position, which I don't understand.
    The directive covers more than cookies, I doubt the cookie issue concerns Apple as they aren't an ad-based company:

    http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:en:HTML
    http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=URISERV:l24120

    -----------------------------------------

    "Providers of electronic communication services must secure their services by at least:
    • ensuring personal data are accessed by authorised persons only;
    • protecting personal data from being destroyed, lost or accidentally altered and from other unlawful or unauthorised forms of processing;
    • ensuring the implementation of a security policy on the processing of personal data.

    The service provider must inform the national authority of any personal data breach within 24 hours. If the personal data or privacy of a user is likely to be harmed, they must also be informed unless specifically identified technological measures have been taken to protect the data.

    EU countries must ensure the confidentiality of communications made over public networks, in particular they must:

    • prohibit the listening, tapping, storage or any type of surveillance or interception of communications and traffic data without the consent of users, except if the person is legally authorised and in compliance with specific requirements;
    • guarantee that the storing of information or the access to information stored on user’s personal equipment is only permitted if the user has been clearly and fully informed, among other things, of the purpose and been given the right of refusal.

    When traffic data are no longer required for communication or billing, they must be erased or made anonymous. However, service providers may process these data for marketing purposes for as long as the users concerned give their consent. This consent may be withdrawn at any time.

    User consent is also required in a number of other situations, including:

    • before unsolicited communications (spam) can be sent to them. This also applies to short message services (SMSs) and other electronic messaging systems;
    • before information (cookies) is stored on their computers or devices or before access to that information is obtained - the user must be given clear and full information, among other things, on the purpose of the storage or access;
    • before telephone numbers, e-mail addresses or postal addresses can appear in public directories.

    EU countries are required to have a system of penalties including legal sanctions for infringements of the directive.

    The scope of the rights and obligations can only be restricted by national legislative measures when such restrictions are necessary and proportionate to safeguard specific public interests, such as to allow criminal investigations or to safeguard national security, defence or public security."

    -----------------------------------------

    There are rules for transfer of data and dealing with location data. US companies would occasionally store customer data outside the EU. The surveillance directive should be directed at certain intelligence agencies but they wouldn't have known when it was written up.

    The cookie directive is important but they implemented it completely the wrong way. I suppose it's due to how it's enforced by jurisdiction but they shouldn't have asked sites to do anything because it's completely unmanageable. There are a handful of browsers, the cookie blocking should have been done by them and could have been implemented very quickly.

    Browsers would be required to create temporary and isolated storage for a website on visiting it and remove this data by default on finishing the browsing session. This negates the need to ask the user for anything. If a site requires persistent data then they have to explicitly request long-term storage to the user and this would be part of the HTML or Javascript spec. On calling this API, the browser would ask the user to allow it with an unobtrusive request. Users would be able to block requests for persistent storage by default. The EU would ask Apple, Google, Microsoft, Opera, Mozilla to implement this and it covers almost the entire internet. They can implement it within a week and it would actually work to protect privacy unlike what they have now.

    They could prevent data interception by requiring protocol-level encryption. Again, they are targeting the wrong people, they should deal with the people who make the spec (IETF?). The problem with legislators putting technology laws together is that most of them don't know how any of it works, they just impose rules to get the results they want and don't think about the feasibility of it. They need to ask the tech companies how best to get the results they want before they write up the laws.
    vanfrunikenlatifbp
  • Reply 13 of 29
    Chipsy4Chipsy4 Posts: 10member
    Apple fighting the good fight against tracking cookies.  Once again differentiating themselves from greedy companies like Google who want all the private data they can get.
    Google is part of the coalition Apple joined you know.
    gatorguy
  • Reply 14 of 29
    crowleycrowley Posts: 10,453member
    And yet people are confused why the Brits wanted out of the EU. 
    Cookies definitely had nothing to do with it.
  • Reply 15 of 29
    netroxnetrox Posts: 1,437member
    I really hate the UK cookie law... I am sick of seeing the cookie warnings every time I visit a website in EU. It's annoying as heck. It looks like it's written by old fossils who have no clue about cookies.
    latifbp
  • Reply 16 of 29
    tallest skiltallest skil Posts: 43,388member
    Apple fighting the good fight against tracking cookies.
    And yet you still can’t do anything about removing or spoofing your link referrer in Safari...
    latifbp
  • Reply 17 of 29
    And yet people are confused why the Brits wanted out of the EU. 
    the "English" wanted out. don't tar us all with the same brush. Northern Ireland, Scotland and the Welsh part of Wales (the north, not the english south) all voted to remain.
  • Reply 18 of 29
    latifbplatifbp Posts: 544member
    Like every other EU legislation. Achieves nothing but annoyance,
    Nah. The single currency and free trade, for example, eliminate a lot of annoyance. I had to ship something to Norway last week, more hassle than shipping shipping inside the EU. I remember needing to change money when going on vacation, happy to be rid of that nonsense. Also national legislators are perfectly capable of souvereignly thinking up idiotic laws on their own. The "cookie law" is the result legislators needing to be seen as doing something to solve problems. Anything. If nothing smart is possible then it will just have to be something stupid. The EU is not the only legislator with that problem.




    The EU is very regulation happy. More so than most governing bodies. That's why iPhone pretty CEU's will go up there. Hope you enjoy paying higher prices at the behest of Euro pro-regulation agenda. Or vote for candidates who aren't so anti-US business.
  • Reply 19 of 29
    latifbplatifbp Posts: 544member
    adm1 said:
    And yet people are confused why the Brits wanted out of the EU. 
    the "English" wanted out. don't tar us all with the same brush. Northern Ireland, Scotland and the Welsh part of Wales (the north, not the english south) all voted to remain.
    There are too many regulations or attempts at regulatory overreach by the EU. That's what he was probably referring to. 
    tallest skil
  • Reply 20 of 29
    I hate tracking too, but the law needs to go. Except for some annoyance for users and a bit more for website operators it accomplishes nothing. After reading the warning, agreeing or disagreeing, the user is just as informed as without the warning. It is stupid and pointless.
    Like every other EU legislation. Achieves nothing but annoyance,
    Really? Being able to return things bought online within 14 days, mandated 2 year warranty, no inter-country VAT those are far from annoying. Some of the consumer protection is over reach but to me it's worth it.
    singularity
Sign In or Register to comment.