Why it matters: More than a decade ago, Europe rewrote internet rules which effectively forced the entire internet to adopt stricter rules on cookie consent by amending the ePrivacy Directive. Since 2009, from big tech giants, to small personal blogs, and virtually any internet-based organization had to display a "cookie banner" to first-time visitors. Collectively, European users spend an estimated 575 hours every year clicking through those pesky prompts.
The European Commission is preparing to ease the burden of so-called cookie banners, which have frustrated internet users in Europe and beyond for years. According to Politico, the EC recently informed industry representatives and other organizations that Brussels is drafting new amendments to the ePrivacy Directive.
Under current rules, websites must obtain explicit consent before storing any data in cookies. They are also required to provide "clear and comprehensive information" about their practices. The result has been a constant flood of consent banners that greet visitors almost everywhere they go online.
Data lawyer Peter Craddock argues that the barrage of requests for consent has undermined the original goodwill behind the policy. Few users actually read the banners anymore, he warns. If consent becomes the default response to everything, users lose sight of the very privacy risks they are supposed to be weighing.
The European Commission is reportedly considering "tweaks" to the strict cookie banner provisions of the revised ePrivacy Directive. Proposed changes could include adding more exceptions to the consent requirement or allowing users to set centralized cookie preferences directly in their browsers.
Industry representatives are eager to resolve the cookie banner problem once and for all. One possibility is to integrate cookie consent rules into the General Data Protection Regulation (GDPR), another cornerstone of Europe's digital policy framework. Unlike the ePrivacy Directive, the GDPR takes a risk-based approach, allowing companies to adjust privacy safeguards according to the level of risk posed by data processing.
The new lobbying battle in Brussels could have significant implications for EU data protection. Big Tech and online advertisers are pushing for a more deregulated environment, while privacy advocates warn against weakening safeguards. According to Itxaso Domínguez de Olazábal, policy adviser at European Digital Rights, advertisers are particularly invested in cookies because they remain central to targeted advertising.
"Focusing on cookies is like rearranging deckchairs on the Titanic, the ship being surveillance advertising," de Olazábal told Politico.
She added that current laws already provide exceptions for "essential" cookies, meaning there is no justification for extending the rule to other types of data. Tracking, de Olazábal argued, should not be considered essential to the general web experience.