BERLIN — Watchful European privacy regulators are wielding increasing influence beyond the Continent’s borders. Last week, they pressed Google, as they had Apple, to change the way it collected data on cellphone locations worldwide.
But there is one area where even European regulators appear stymied — the tracking of consumer Internet surfing habits by technology companies, advertisers, Internet service providers and Web businesses that focus on consumers on the basis of online behavior.
For 18 months, the European Commission has been considering how to put into practice a 2009 law that regulates software cookies, the unique digital markers that Web sites place on visiting computers to identify consumers and deliver ads tailored to individual interests.
This year, a consensus appeared to be building in Brussels for letting the online advertising industry regulate its use of cookies. The main industry group, the Interactive Advertising Bureau Europe, set up a Web site this summer to let consumers choose not to receive — “opt out” of — receiving advertisements directed as a result of profiling.
The idea was conceived in a series of roundtable meetings this year by Interactive Advertising members and Neelie Kroes, the European commissioner responsible for electronic privacy. The site, called youronlinechoices.eu, is supported by members of Interactive Advertising — the majority of online advertisers.
But regulators representing E.U. member states, backed by consumers’ rights groups, are balking at the voluntary arrangement, which they argue does not adequately protect individuals from unwittingly permitting marketers to collect personal data. Last week, they began a drive to require E.U. consumers to “opt in” to profiling by clicking on Web icons within ads.
Consumer advocates hope to insert an opt-in mandate in the revision of the European Union’s Data Protection Directive, the main body of privacy law, which will be considered next year.
“We believe that by having consumers opt in, rather than opt out, they will be better protected and informed about what happens with their information,” said Kostas Rossoglou, a senior legal officer at the European Consumers’ Organization, a Brussels group.
An opt-in requirement would be cumbersome, Web advertisers argue, requiring a layer of pop-up windows, and could kill a popular, growing form of online advertising.
The opt-out “fits with the needs of today’s Internet users,” said Stephan Noller, chief executive of a Berlin ad firm, nugg.ad, who heads Interactive Advertising’s policy committee. “Information is provided contextually where relevant and is instantly available. We use the dynamism and interactivity of the Internet to provide pragmatic privacy control.”
According to Interactive Advertising, online advertising generated revenue of €17.7 billion, or $24.4 billion, in Europe in 2010. The bureau has no estimate on how much of that was behavioral ads. But a 2010 survey by AWeber Communications, a company in Huntingdon Valley, Pennsylvania, found that two-thirds of merchants intended to use such advertising.
On Wednesday, the privacy advisers to the commission, a panel of national regulators called the Article 29 Working Party, held a closed-door meeting with members of Interactive Advertising and other industry groups to discuss concerns about industry self-regulation. After the meeting, the panel reiterated its belief that the opt-out approach violated European privacy law, which requires consent before personal data can be used.
A consumer’s failure to opt out of behavioral ads, the panel said in its statement, is not a form of implicit consent, which is the position held by the industry.
“Only statements or actions, not mere silence or inaction, constitute valid consent,” the Article 29 panel said in a statement released after the meeting. The group is planning to make a recommendation this year that may call for more stringent controls.
The European commissioner in charge of revising the bloc’s data protection law, Viviane Reding, said she was also likely to call for a form of prior consent in her draft of the new data protection legislation, which will not be completed until early next year.
“Companies must obtain prior consent before individuals’ data is used,” Mrs. Reding said in a statement released by her office.
Article source: http://feeds.nytimes.com/click.phdo?i=42b9fe5c370563e61cbcb3c56130430a