Introduction: Policy and Regulation
Public and private sector regulation represents a significant push for increased internet privacy with respect to cookies. Most solutions are still quite young, since cookie privacy has only recently gained attention from the public sphere.
Legislators and regulators have created a few high profile proposals, some of which have become law. The most comprehensive anti-tracking law is the European Union's Cookie Privacy Directive, which regulates cookie usage across all European Union member states. The United States does not have a federal cookie privacy law as of 2014, but congress has considered numerous bills since 2007. California is currently the only jurisdiction with a cookie privacy law on the books as of January 1, 2014.
The United States Federal Trade Commission proposed guidelines for a standard whereby companies would agree not to track users. This "Do Not Track" system gained support from public and private organizations, but received opposition from online advertising companies. Fragmentation and disagreement within the standardization groups has halted all progress on the standard.
The lack of cookie regulation comes from how difficult it is to legislate cookies. Separating invasive tracking cookies from cookies essential to a website's functionality is challenging. Many websites providing useful services are only effective because of cookies tied to a specific user. For example, an online store that remembers what you have in a virtual shopping cart needs to remember your personal information and what you are thinking of purchasing. The internet's size is also a contributing factor to regulation's ineffectiveness. Anyone with technical skills can create a website that uses cookies, while most public and private regulatory bodies have limited manpower to monitor local websites.
So far, no regulatory body has been able to define the optimal balance between user privacy, cookie-enabled features, and regulatory efficacy. The majority of proposals to date have either been too restrictive and impractical or largely unenforceable. Cookies are so highly ingrained in the internet that it would take a surgical approach to find the perfect balance. Regulation, on the other hand, approaches the solution bluntly and broadly.
Legislators and regulators have created a few high profile proposals, some of which have become law. The most comprehensive anti-tracking law is the European Union's Cookie Privacy Directive, which regulates cookie usage across all European Union member states. The United States does not have a federal cookie privacy law as of 2014, but congress has considered numerous bills since 2007. California is currently the only jurisdiction with a cookie privacy law on the books as of January 1, 2014.
The United States Federal Trade Commission proposed guidelines for a standard whereby companies would agree not to track users. This "Do Not Track" system gained support from public and private organizations, but received opposition from online advertising companies. Fragmentation and disagreement within the standardization groups has halted all progress on the standard.
The lack of cookie regulation comes from how difficult it is to legislate cookies. Separating invasive tracking cookies from cookies essential to a website's functionality is challenging. Many websites providing useful services are only effective because of cookies tied to a specific user. For example, an online store that remembers what you have in a virtual shopping cart needs to remember your personal information and what you are thinking of purchasing. The internet's size is also a contributing factor to regulation's ineffectiveness. Anyone with technical skills can create a website that uses cookies, while most public and private regulatory bodies have limited manpower to monitor local websites.
So far, no regulatory body has been able to define the optimal balance between user privacy, cookie-enabled features, and regulatory efficacy. The majority of proposals to date have either been too restrictive and impractical or largely unenforceable. Cookies are so highly ingrained in the internet that it would take a surgical approach to find the perfect balance. Regulation, on the other hand, approaches the solution bluntly and broadly.