Europe's top regulatory authority is taking five E.U. countries to court for failing to implement so-called cookie laws.
The European Commission announced on Thursday that it has asked the European Court of Justice to impose fines on Belgium, the Netherlands, Poland, Portugal and Slovenia for not transposing binding telecoms rules into their national laws. The official deadline for doing so was May 25 last year.
These telecoms rules are aimed at protecting users' privacy online. They also require companies to notify users about any data breach without undue delay and to allow customers to switch fixed or mobile phone operators without changing their phone number, within one working day.
But the main sticking point in the telecoms package appears to be the requirement for Web companies to obtain "explicit consent" from Internet users before storing cookies. Cookies are tiny pieces of software that are installed on the user's computer to remember log-in details and other preferences relating to a particular website. But they can be used to target advertising based on browsing history.
Many companies are reluctant to implement the measures asking for users' consent to cookies because they fear losing effective tracking information about their website. The only exception from the consent rule is if cookies are "strictly necessary" for a service explicitly requested by the user, for example, when a user clicks the 'add to basket' button to buy goods from a website or asks it to remember language preferences.
What "consent" to cookies requires in practice is not defined in detail in the directive, hence the difficulty in transposing it into national law.
The Commission on Thursday asked for daily penalties of between a!13,063 and a!112,190 (US$16,250 to $139,567) to be imposed on the five countries according to the gravity of the infringement and the size of the member state concerned. However, the Commission may drop the case if the countries show that they are taking appropriate steps to rectify the situation.