European Union going fully opt-in on cookies

In another example of stronger individual-level privacy protections in the European Community compared to those in the United States, the EU Council this week approved a law that requires online users to be asked for explicit permission before a cookie is stored on a user’s system. This is a shift from existing EU telecommunications law that requires users to be given a way to opt-out. While the intent of the law is clearly to protect users from a variety of potentially invasive practices such as online behavioral tracking, critics of the provision have rightly suggested that the larger ramifications of the law on economic drivers of Internet operations such as online advertising, as well as impacts on end-user experience if web site visitors are constantly interrupted by prompts seeking their consent to place cookies. Even when ostensibly done to protect users, response to similar security-driven approaches such as the user account control prompts in Windows Vista suggest that this sort of interruption of usability in the name of security is over the line of what is acceptable.