Unedited news and product information from vendors.
'Bittersweet Cookies': New Types of 'cookies' Raise Online Security & Privacy Concerns in EU Agency Paper
Feb 17, 2011 (06:02 PM EST)
BRUSSELS and HERAKLION, Greece, February 18, 2011 /PRNewswire/ -- The EU's 'cyber security' Agency ENISA has published a paper on the security and privacy concerns regarding new types of online 'cookies'. The advertising industry has led the drive for new, persistent and powerful cookies, with privacy-invasive features for marketing practices and profiling. The Agency advocates e.g. that both the user browser and the origin server must assist informed consent, and that users should be able to easily manage their cookies. The Agency recommends a thorough study of different interpretations in the Member States, once the Directive 2009/136/EC Directive 2009/136/EC ( http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:337:0011:0036 :En:PDF) has been implemented, by 25 May 2011.
The new type of cookies support user-identification in a persistent manner and do not have enough transparency of how they are being used. Therefore, their security and privacy implications are not easily quantifiable. To mitigate the privacy implications, the Agency recommends, among other things, that:
The Executive Director of ENISA, Prof. Udo Helmbrecht (http://www.enisa.europa.eu/about-enisa/structure-organization/executive-dire ctor) underlines;
"Much work is needed to make these next-generation cookies as transparent and user-controlled as regular HTTP cookies, as to safeguard the privacy and security aspects of consumers and business alike".
Dr. Jose Fernandes, Director of Department for Development Support and Academia, Microsoft Portugal, stated "Every year more businesses come online using the Internet. [...] Security and privacy are key to make this happen, so end-user and business people can fully trust online services. ENISA has a great role to play in this space and I congratulate them to put forward this study."
The EU Member States (MS) must transpose Directive 2009/136/ (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:337:0011:003 6:En:PDF)EC Directive 2009/136/ECinto national law by 25 May 2011. It underlines the need for a valid consent by the user and that users receive prior and clear information. Thus, the Agency advocates for a study of the MS' implementation measures after the transposition deadline.
For full paper; http://www.enisa.europa.eu/act/it/pat, or http://www.enisa.europa.eu/act/it/library/pp/cookies/
(Due to the length of the URLs, it may be necessary to copy and paste the hyperlinks into your Internet browser's URL address field. Remove the space if one exists.)
SOURCE ENISA - European Network and Information Security Agency