'Bittersweet cookies': new types of 'cookies' raise online security & privacy concerns in EU Agency paper

Heraklion, Crete, (PresseBox) - The EU's 'cyber security' Agency ENISA has published a paper on the security and privacy concerns regarding new types of online 'cookies'. The advertising industry has led the drive for new, persistent and powerful cookies, with privacy-invasive features for marketing practices and profiling. The Agency advocates, for example, that both the user browser and the origin server must assist informed consent, and that users should be able to easily manage their cookies. The Agency recommends a thorough study of different interpretations in the Member States once Directive 2009/136/EC has been implemented, by 25 May 2011.

The new Agency Position Paper identifies and analyzes cookies in terms of security vulnerabilities and the relevant privacy concerns. Cookies were originally used to facilitate browser-server interaction. Lately, driven by the advertising industry, they are used for other purposes, e.g. advertising management, profiling and tracking. The possibilities to misuse cookies both exist and are being exploited.

The new types of cookies support persistent user identification and are not transparent enough about how they are being used. Therefore, their security and privacy implications are not easily quantifiable. To mitigate the privacy implications, the Agency recommends, among other things, that:

- Informed consent should guide the design of systems using cookies; the use of cookies and the data stored in cookies should be transparent for users.
- Users should be able to easily manage cookies, in particular new cookie types. As such, all cookies should have user-friendly removal mechanisms which are easy for any user to understand and use.
- Storage of cookies outside browser control should be limited or prohibited.
- Users should be provided with another service channel if they do not accept cookies.

The Executive Director of ENISA, Prof. Udo Helmbrecht, underlines:

"Much work is needed to make these next-generation cookies as transparent and user-controlled as regular HTTP cookies, to safeguard the privacy and security aspects of consumers and business alike".

Dr. José Fernandes, Director of Department for Development Support and Academia, Microsoft Portugal, stated "Every year more businesses come online using the Internet. [...] Security and privacy are key to make this happen, so end-users and business people can fully trust online services. ENISA has a great role to play in this space and I congratulate them for putting forward this study."

The EU Member States (MS) must transpose Directive 2009/136/EC into national law by 25 May 2011. It underlines the need for valid consent by the user and for users to receive prior and clear information. Thus, the Agency advocates a study of the MS' implementation measures after the transposition deadline.

For the full paper: http://www.enisa.europa.eu/... and context: http://www.enisa.europa.eu/...
