Europe Leads the Way in Online Privacy Protection

May 17, 2012

EU CookiesThe European Union (EU) has classified Internet “cookies” and other systems that monitor online activities of individuals to be within the scope of the EU’s Data Protection Act, to the extent that those systems process personally identifiable information. 

This means that cookies capturing information which can be associated with specific people must be managed in a manner that complies with the data protection obligations established by the Act.

The EU’s approach to privacy with respect to online monitoring and tracking systems will likely have substantial impact on Internet practices and consumer expectations outside of Europe.

Cookies and other technologies are widely applied to identify and monitor the online activities and interests of individual Internet users. 

Those technologies can be helpful for consumers by making their online transactions faster and easier.

Yet at the same time, online monitoring systems also collect and distribute a wealth of personal information about individuals. 

Frequently, the individuals involved are not fully aware of the information being collected, the parties who will have access to that information, and the uses for which the information is being applied.

The online collection, distribution, and processing of personal information now constitutes a multi-billion dollar global industry.

The EU’s Data Protection Act establishes basic rights of protection and control for individuals with respect to information that can be specifically associated with them.

The Act also imposes obligations on parties who capture, distribute, or use personal information.

Under the Act, protected personally identifiable information includes a variety of materials including account numbers, e-mail addresses, and telephone numbers.

The Act grants individuals a range of rights, including the right to be informed of information collection and use practices, the right to choose the personal information they will disclose, and the right to review and modify personal information that has been collected.

The obligations imposed by the Act on parties who collect or use personal information include duties of notice and security.

By classifying cookies and other online monitoring and tracking systems to be within the scope of the Act, the EU extended its data privacy rights and obligations to a diverse set of information which includes personal data that individuals are often not even aware that they are disclosing.

This is an important step, as it recognizes that effective privacy protection must include management of new forms of personal information and information that individuals are not knowingly disclosing.

The EU’s action is also highly significant as it, in effect, creates a global standard for online privacy. 

Many companies and other organizations not based in Europe must, nonetheless, comply with the EU standards as they conduct business in that part of the world.

As those organizations implement EU-compliant processes and practices for their European online tracking and monitoring activities, it is likely that they will extend those processes and practices to their operations outside of Europe, as well. 

Finally, as individual Internet users, legislators, and regulators outside of Europe become aware of the EU’s privacy requirements for online monitoring systems, it is likely that they will demand and implement similar measures for protection of online privacy.

The EU has thus assumed a role of global leadership in the field of protection of online privacy.

Finally, as individual Internet users, legislators, and regulators outside of Europe become aware of the EU’s privacy requirements for online monitoring systems, it is likely that they will demand and implement similar measures for protection of online privacy.

The EU has thus assumed a role of global leadership in the field of protection of online privacy.