Active consent required for online tracking in EU

Per TechCrunch:

Europe’s top court has ruled that pre-checked consent boxes for dropping cookies are not legally valid.

Consent must be obtained prior to storing or accessing non-essential cookies, such as tracking cookies for targeted advertising. Consent cannot be implied or assumed.

For consent to cookies to be legally valid the court now says the user must be provided with some specific information on the tracking, namely: How long the cookie will operate, and who their data will be shared with.

It is a big win for users and privacy proponents, but not so much for advertisers and companies. The decision presents a stark difference between EU and US in terms of privacy and user protection. In the US, the FCC allows Internet Service Providers (ISP) to sell your information to advertisers even without your consent. I notice that the argument that if we facilitate businesses to grow, they will do the right things and benefits will trickle down to users is pretty popular in the US. The lack of trust in the government is palpable as well.

While the distrust in the government is valid, the belief that businesses will share wealth with consumers or employees is not practically proven. I haven’t seen any company that chooses consumers/employees over the bottom line. Have you?

Hence, with the latest decision, EU forces the hands of companies to care more about consumers and focus on innovation to grow, instead of just slacking off and preying on the end users.

I mentioned in the past that the three entities, namely business, consumers and governments, form a relationship that keeps one another honest. This case is an example of a government doing its job to protect the people that it is formed to