Policy Observatory

According to the Electronic Frontier Foundation briefing, Flash cookies are stored outside the browser’s control and users cannot view or delete them. Nor are users notified when the cookies (which have no expiry date) are set. Flash cookies can track users in all the ways traditional old-style cookies do, but they can be stored or retrieved whenever a user accesses a page containing a Flash application – which is almost every page that most people access.

Google has lost a Court of Appeal bid to stop consumers having the right to sue in the UK over alleged misuse of privacy settings.

The case revolves around a so-called Safari workaround, which allegedly allowed Google to avoid the Safari web browser's default privacy setting to place cookies, that gathered data such as surfing habits, social class, race, ethnicity, without users' knowledge. A group of users claim that Google bypassed security settings on the Safari browser to install tracking cookies on their computers in order to target them with advertising.

The most significant change is the introduction of a lighter regime for cookies that (a) are used to gather information on the quality and effectiveness of a requested service; and (b) have little or no effect on the privacy of the user of the service. For these cookies (e.g. analytic cookies, affiliate cookies and a/b testing cookies), the standard requirements for cookies (informing the user and obtaining consent) are no longer required. For tracking cookies or similar technologies the duty to inform individuals and request consent remains in effect.

The CNIL said Facebook's tracking of non-users by placing cookies on their browser without informing them when they visit a Facebook page did not comply with French privacy law. It also said that Facebook uses cookies that collect information and is then used for advertising without Internet users' consent. CNIL also stated that Facebook users should have the option of preventing the social network from profiling them in order to serve them personalized ads. In response, the social network states that the tracking of non-users is done for commercial and not security purposes as previously claimed. Facebook put in place additional control tools which enables compliance with CNIL’s requirement for the data subject’s consent. Users can now request that Facebook advertisements do not appear outside the social network while non-users can request not to be tracked by filling a form on the website of the European Interactive Digital Advertising Alliance.

On Tuesday 10 January, the European Commission put forward a series of new texts on personal data protection in the EU. It includes the upcoming ePrivacy Regulation which will frame the confidentiality and security of our electronic communications, as well as the famous internet cookies, among other things. Before the legislative process had even started, lobbies from the digital industry and telecom operators collaborated closely to water down as much as possible the reform that was supposed to not only provide better security and confidentiality to electronic communications, but also to give users control of their data back.