The EU’s Advocate General rules on consent for cookies
Anyone who’s traveled recently to Europe and has used a web browser has seen them: the often intrusive boxes insisting on consent before proceeding to the website. Saying no doesn’t necessarily prevent the user from browsing; it just means that he or she won’t be remembered by the site, and that the same annoying message will pop up again the next time the user accesses the site.
But there’s consent and there’s consent. And the European Union’s advocate general has weighed in on the types of consent and whether they’re valid. On Norton Rose Fulbright’s data protection blog, Lara White, Marcus Evans and Sven Jacobs say that the Advocate General says that “requiring a user to positively untick a box … does not satisfy the criterion of active consent” as it would be impossible to determine objectively whether or not a user has unambiguously given his consent on the basis of a freely given and informed decision. This is because the pre-formulated text next to the box may or may not have been read and/or the user may have omitted to untick the box out of pure negligence.
On another consent question, the authors write, “the Advocate General argues that due to the technical complexity of cookies, the asymmetrical level of knowledge between provider and user and the relative lack of knowledge of any average internet user, internet users cannot be expected to have a high level of knowledge of the operation of cookies. Therefore, a user must be provided with information that is ‘clearly comprehensible’ and not‘subject to ambiguity or interpretation’ as well as ‘sufficiently detailed so as to enable the user to comprehend the functioning of the cookies actually resorted to.”
The bottom line: If you’re doing business online in Europe, be very careful about how your website’s consent to cookies language is phrased.