The debate about privacy compliance has always been a heated one. Add to the mix new European Commission legislation and you have a recipe for not only a lively debate but also a controversy about the interference in privacy of a European bureaucracy.

The recent European Commission cookie law guidelines not only reignited controversy about privacy compliance in Europe and prompted furious debates in the trade press, quality press and tabloids, but also ignited considerable international interest.

This article concentrates on examining the stances which have been taken, their validity and, more importantly, what an enterprise needs to be doing as it turns from merely talking shop to setting and implementing concrete policies on privacy.

What tended to be ignored in the early days of the European Commission's proposals was that the cookies rule was just a small part of a law aimed at safeguarding privacy online and an attempt to protect Internet users from an increasingly aggressive, intrusive and pervasive corporate marketing machine. These are real concerns which have been growing for a number of years and which the European Commission sought to address in its rulings.


It is ironic that the European Commission takes considerable flak for ‘creating’ initiatives when usually it is responding to pressure from below. It was the relative failure of the European Commission's 2003 directive that led to the cookie law.

As international competition begins to heat up and the rapidly emerging markets of India, China and Brazil force companies into become more aggressive in their search for international markets, organisations providing content and obtaining information about users are utilising even more sophisticated and invasive techniques which many people are becoming alarmed about.

The ultimate aim is to protect user privacy to ensure that consent is given for all Internet marketing and a tidal wave of spam is averted. This is a laudable aim and one which should be supported. It should also be pointed out that these are merely a set of proposals—albeit a fairly comprehensive set—of reforms to the EU's 1995 data protection rules to “…strengthen online privacy rights and boost Europe's digital economy,” according to the EU's web site.

The site adds, “Technological progress and globalisation have profoundly changed the way our data is collected, accessed and used. In addition, the 27 EU Member States have implemented the 1995 rules differently, resulting in divergences in enforcement. A single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year. The initiative will help reinforce consumer confidence in online services, providing a much needed boost to growth, jobs and innovation in Europe.”