Proposed Privacy Laws a Real Threat to the Web

A photo of cookiesThis is a guest post by David Stein, CTO and Cofounder of Burst Media, one of the oldest ad networks. In this opinion piece Dave examines what proposed legislation restricting the use of cookies could mean for web publishers.

Recently, the European Union approved significant legislation that would require web users to consent to internet cookies. This law dictates that cookies can’t be placed on a user’s computer—unless it’s strictly necessary for enabling a specific service requested by the user.

Think about that. How many different ways does your web site use cookies? Session management, content management, preferences, analytics, advertising revenue. Could you imagine prompting your user, “If you would like our site to enable anti-spam and flood control, would you be willing to accept our cookie? “yes/no?”

Among lawmakers in the United States, the same conversation is taking place. Proposed legislation is pending that may place restrictions on cookie usage, as well as collecting information that’s considered personally identifiable.

I’m a founder of an ad network that’s been around since 1995. My company has always done its best to be a good online citizen. Through industry organizations such as TRUSTe, IAB, and NAI, we’re involved with many other companies to ensure that we create and follow best practices. We’ve developed methods that allow a consumer to opt-out of our targeting techniques, and have limited the types of data we collect from web site visitors in our networks. We’ve also visited Washington DC with other ad network representatives, as well as independent publishers, to meet and educate lawmakers; we cover the techniques that we use, the efforts we’re taking to ensure privacy, and the benefits that we create.

But our efforts are not enough. The European Union seems to have issued its directive with little notice, and in Washington similar privacy legislation is being considered. To ensure that the vibrancy of web publishing continues, more people need to let our lawmakers know that this legislation affect the lifeblood of the independent web publisher.

One of the obvious impacts these laws will have on publishers is the potential crippling of their ability to earn advertising revenue. Being unable to use cookies when serving ads will substantially affect the way campaigns perform. At the simplest level, ad servers will be without basic functions such as frequency capping (limiting the number of ads per advertiser shown to an individual) and fraud analysis. More alarmingly, web publishers and ad networks lose the ability to measure conversion rates or serve an ad to a customer that’s expressed prior interest in a topic. Without these capabilities, large brand advertisers—who over the last 15 years have finally become comfortable moving significant marketing budgets to the Internet—will either have to buy far more impressions at much lower prices, or move their campaigns offline in order to meet their marketing goals. This leaves the Internet once again with an abundance of flashing, annoying, “Punch the Monkey” advertising.

Another effect of this legislation is that it may limit the functionality that web publishers are able to use in managing their web site. For instance, third party services such as Webtrends, Google Analytics, Open ID, and applets that plug into your site all use cookies to provide significant functionality. In addition, if the legislation goes as far as limiting all cookies, publishers may find content management systems need a complete overhaul.

Most web publishers will need to become experts in compliance. Many developers shy away from hosting ecommerce sites because of the complexity of keeping the data secure. Imagine if the same requirements to manage credit card numbers were applied to collecting a seemingly anonymous user’s zip code? There are elements of the proposed legislation that could require web publishers to keep all collected information secure, as well as deleting older logs to ensure that your readers could never be identified if your logs turned up in the wrong hands. If you’re a small firm, failure to comply with this legislation could lead to fines that might make or break your business. And if you’re a web publisher you may need a compliance department!

The results of a recent Annenberg study suggest that consumers do not care about whether the ads on the sites they visit are relevant. I have to believe that if the consumers saw the alternative—multitudes of popups or layers that ask for cookie permission, less free content, and more annoying ads—they’d reconsider their opposition to the tools that help create a positive experience for users.

If this new world of annoying ads, less revenue, complex content management, and strict compliance worries you, then you should get involved. You need to call, write, and visit your lawmaker, letting them know that your business will be adversely affected by this legislation. Insist on better ways to prosecute the bad actors in the industry without creating prohibitive regulations on the good citizens.
Publishers need to act together today to protect their future and the interests of their businesses.

Write to your lawmakers! Get in touch with your local representative. In the US, visit http://www.congress.org to become involved.

Feature image by UofSLibrary

Free book: Jump Start HTML5 Basics

Grab a free copy of one our latest ebooks! Packed with hints and tips on HTML5's most powerful new features.

  • Trent

    The government interfering in a perfectly functioning free market? New layers of bureaucracy that prevent the little guy from being competitive? Can you imagine if this happened in other segments of the economy? Say for instance, health care, banking, education, manufacturing, farming, etc…

    Great article, my legislators will be hearing about this. Repeatedly.

  • http://espenliland.no/ Loomy

    This would lead to one thing, and one thing only: Offshore hosting of “illegal”/non-complying websites, just like we see today with various gambling websites and even TV channels.

    That will always be EUs (and the US’) biggest problem – whatever laws they dream up, it’s practicly impossible to make it count worldwide. Especially when it’s a stupid law ;)

  • http://htmlblox.com samanime

    So, if I’m reading this write, you couldn’t use a cookie unless it is involved in an action specifically request by the user.

    Am I also reading the “already passed” part correctly as well?

    This is interesting. I don’t use a huge number of cookies and primarily do any analysis and guest tracking via sessions and databases instead of cookies, so this isn’t a huge blow to me personally.

    None the less, this is still pretty significant and is going to cause all kinds of commotion. Not only that, but it’s going to be bringing about tons of lawsuits and the like related to this, against people that had no clue this was now a law, or even more likely, those that can’t change it quickly enough for whatever reason.

    Things are heading in an “interesting” direction for the Internet lately, that’s for sure…

  • tom_dot

    The law for the EU seems pretty unclear, so opinion is divided on what it actually means. The law talks about consent after a warning, but the introduction to the law implies that your browser’s cookie settings are implied consent.

    Then of course it gets more complicated as it’ll be down to individual countries to draft law implementations based on this law. So how everyone will interpret it is pretty up in the air.

    The aim of this part of the law seems to be to prevent “spy cookies”* and make the web safer… but the wording seems to leave a lot to be desired.
    *whatever they are.

  • David Stein

    The following is a link to the Annenberg study mentioned above:
    http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1478214

    The results of the questions that were asked are obvious. It is like asking someone, “do you want to receive advertising when you watch TV?” It is ignoring the basis for why the advertising exists in the first place…. to compensate the creator of the content.

  • SpacePhoenix

    What if the permission for use of cookies was written into a site’s terms of use agreement?

  • http://www.calcResult.co.uk omnicity

    Could we please try and get a similar piece from someone on the other side of the argument? The reason behind this legislation is the same in both cases – definite abuse from the shadier ends of the advertising market, and possibly from the main-stream end as well, so one of the big questions is whether or not it will be effective.