EU ePrivacy Plans May Imperil Web Tracking, Targeted Ads Model

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Stephen Gardner

Companies operating in the European Union that deploy website user tracking may already be violating privacy rules and, with a more stringent law on the horizon, may need to rethink their business models, privacy professionals and EU officials said Nov. 8.

“An entire business model that has been extremely prevalent for a number of years is illegal” in the EU, Omer Tene, an International Association of Privacy Professionals vice president, said at the organization’s Europe Data Protection Congress 2017 in Brussels.

Many online services, including social networks and content publishers, employ cookies—packets of data websites use to save information on and identify users or computers—to target internet users with advertising and other communications.

The present EU ePrivacy Directive (2002/58/EC) already “explicity bans” such tracking without informed, specific, and freely given consent, Ralf Bendrath, a senior advisor to Jan Philipp Albrecht, the German member of the European Parliament who oversaw the passage of the EU’s new general privacy regime, the General Data Protection Regulation (GDPR), said.

The ePrivacy Regulation—planned to replace the Directive—is designed to make clear that online companies can’t bar access to a service if personal data collection via cookies isn’t necessary to provide that service and users don’t consent to it, Karolina Mojzesowicz, deputy head of the European Commission’s data protection unit, said during a conference panel.

The European Parliament recently approved a version of the ePrivacy Regulation with even tougher cookies consent provisions. EU member countries are now discussing the proposal.

The prospect of tougher consent rules and more uniform enforcement across the EU under an oversight scheme aligned with the GDPR has led companies to argue that the model of free access to online services funded by targeted advertising could be undermined.

Bojana Bellamy, president of the Centre for Information Policy Leadership in London, told Bloomberg Law Nov. 8 that companies voicing such concerns are “not crying wolf.” Rules on consent for tracking cookies “have been interpreted in a relaxed fashion,” she said, “but it’s going to be much harder” for advertising-funded services under the ePrivacy Regulation.

To contact the reporter on this story: Stephen Gardner in Brussels at

To contact the editor responsible for this story: Donald G. Aplin at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security