One of the more controversial provisions of the 2009 update to the ePrivacy laws was the requirement that websites targeting EU readers should request permission before setting cookies.
Under the new draft, that requirement will be softened in a number of ways. Sites can look at browser settings allowing or rejecting cookies and apply those without having to ask the user, while cookies essential to the operation of a site can be set without notice. The preamble to the regulation gives examples of essential uses, such as to remember language preferences, or to keep track of users' input when filling in forms over several pages.
But there are some warning signs: "Cookies can also be a legitimate and useful tool, for example, in measuring web traffic to a site," the draft's preamble notes without further explanation. Most website visitors would not object to their visit being counted in this way by the site's operator, which is already aware of it. The privacy issues arise when information about the visit is tracked by a third party, correlated with all the other sites visited by the same user, and then sold on to others.
Sign up for CIO Asia eNewsletters.