Ad trade body condemns 'illegal' cookie respawning

Out-Law News | 08 Oct 2010 | 3:57 pm | 2 min. read

Advertising trade body IAB Europe has condemned the use of technology that reverses consumers' deletion of tracking cookies. It has told advertisers not to engage in the practice, which it called 'unacceptable' and said was probably illegal.

The European wing of international digital advertising industry body the Interactive Advertising Bureau has said that though advertisers depend on web user tracking to target adverts, rejecting and deleting that tracking is an important consumer right.

Cookies are small files stored in web users' browsers that allow websites and advertising networks to identify a user's activity on that and other sites. Web users can delete cookies or set browsers not to accept them to avoid such tracking.

Last year it emerged, though, that it was possible to use code hidden in Adobe's near-ubiquitous Flash media player to 'respawn' cookies so that users could be identified again.

IAB Europe has said that advertisers should not engage in the practice.

"Re-spawning is clearly an unacceptable practice because it circumvents the users’ expressed choice not to have that cookie present on their machine," said a statement from the trade body. "IAB Europe therefore also considers re-spawning to be illegal under existing European and national EU Member States’ Data Protection rules."

"IAB Europe calls on all businesses and other bodies not to engage in re-spawning to bypass users’ expressed choices, and to take measures to address and /or eliminate re-spawning when they learn of its use, which could include referrals to IABs or Data Protection Authorities for resolution," said the body.

"IAB Europe will be working with its national associations to i) provide information where to report cases of re-spawning and ii) facilitate referral of such cases when complaints reach the IAB," it said.

Other kinds of web technology can engage in tracking, but IAB Europe has urged advertisers only to use technologies which provide the same kind of user transparency and control as HTTP cookies.

"We work hard to protect lawful business practices across Europe and will not allow individual companies to jeopardise the trust and confidence that our membership has built with their European users," said IAB Europe vice president Kimon Zorbas. "Companies must respect users’ choices. In the connected internet, where web sites collaborate with many third parties, such illegal practices pose a problem not only for one sector but for the entire online industry." Researchers at the University of California, Berkeley discovered last year that Flash cookies can measure and report users' behaviour even when normal HTTP cookies had been deleted or disabled.

Researchers found that 54 of the 100 most popular sites on the internet used Flash cookies, but that only four sites mention them in their privacy policies.

It found that the flash cookies on several of those sites 'respawn' HTTP cookies, meaning they store information and write it into HTTP cookies on a person's revisit to that site, even if that person has told their computer to delete HTTP cookies.