The initiative probably will not be adopted until spring or become effective until the spring of 2003. But it might have immediate implications for those planning to expand operations or begin new projects overseas. In addition to prohibiting data tracking using cookies, Web bugs and other tools, the directive could affect targeted e-mail and similar unsolicited advertisements. The practice of collecting personal data would also change by requiring that users opt in to, rather than opt out of, information-gathering systems.
Though the projected changes are intended to protect consumers from invasion of privacy and eliminate the nuisance of spam, they may force the redesign of Web sites or the rewriting of privacy policies and other agreements. E-businesses might even need to renegotiate arrangements with outsourced advertising and Web-hosting partners.
For now, this ruling is simply being sent to the E.U. Council of Ministers for further review. Even if it ultimately passes, it may not directly impact U.S. businesses. That said, consider the impact this could have on those companies that are affected. For example, Microsofts emerging .Net platform offers a cookie-supported Passport service that allows a user to access personal data for use on any participating Web site with only a single entry of his or her e-mail address and password. The obvious advantage of this proposal is that it offers the ease and security that users want but do not have.
The short-term issue is how this program and many like it will work without existing tracking devices if they are forbidden in Europe. The longer-term issue is whether we need those cookies for the milk and honey to return.
Ari Kaplan is an attorney with McDermott, Will & Emery, in New York. E-mail him at [email protected] This material is intended for reference only and should not be construed as legal advice.