The EU cookie Law "is a disaster" according to HP's privacy officer EMEA, Daniel Pradelles.
The law is part of the EU Directive on Privacy and Electronic Communications, and means that websites need to obtain users' consent before installing cookies on their PCs, which could potentially be used to glean information about their browsing activities.
Further reading Analysis: EU cookie law puts analytics under scrutiny Half of UK organisations not compliant with EU cookie law EU cookie law is a 'restraint to trade online', says online retailer
Recently, consultants KPMG found that more than half of UK organisations were still not compliant with the EU "cookie directive", a year after the legislation was introduced.
But Pradelles suggested that the UK was still far ahead of its French and German counterparts in enforcing the directive, and that the law itself had not been implemented in the same way across different European regions.
"The cookie law is frankly a disaster - no country has implemented the cookie law in the same way. The UK did it, and people question the way it has been done, but a lot of other countries including France are not so clear [on how the law should be put into practice]," he said.
Pradelles added that the cookie law shouldn't be linked to a specific technology as tracking and profiling citizens can be done using other older technologies as well as cookies.
"The question is not about what technology it is. It is about what is known and what is the purpose. If a company used [analytics] technology for monitoring how the website is performing to improve the navigation from page to page, there would be no issue with that, it is perfectly legitimate. But when companies place a cookie on the PC of the user with the purpose of tracking and monitoring everything that the user is doing, not only on one site but different websites, and doing something that is not expected by the user, this is completely different," he said.
HP's EMEA data privacy officer said that commercial organisations should have a "purpose banner" that specifically asks: "Do you want to have advertising tailored to your navigation".
He said that HP has a clear banner that states what third-party advertising, first-party advertising and analytical cookies are, and gives the user a choice as to what to do next. But there has been growing concern within the IT industry that consumers simply accept the terms of the UK cookie law as they see it as a hindrance.
Pradelles said that commercial organisations tend to assume that customers should understand "everything", but that they shouldn't expect them to understand the complexity of the technology used. He said it was up to the technology companies to ensure that privacy is thought about before rolling out a new technology.
"This is why companies should think not only in terms of compliance with the law but also of the potential risks, harms and expectations they may create with new technology. When Google developed Street View, which was fantastic and very beneficial to so many of us, it should have asked itself 'is it right to take pictures of people and publish them'. The blurring of the pictures should have been done from the beginning, it's about privacy by design," he said.
