library Email this page members only
about uscib global network what's new
Home Policy Advocacy: USCIB Committees and Working Groups Dispute Resolution: USCIB and ICC Arbitration Calendar of Events: USCIB and Partner Events Trade Services: USCIB Services to Facilitate U.S. Exports/Imports ATA Carnet: USCIB's Duty-Free and Tax-Free Temporary Exports/Imports

Committee Officers






Corporate Responsibility

Customs & Trade Facilitation



European Union

Financial Services

Food & Agriculture

Health Care

Information, Communications & Technology

Intellectual Property

Labor & Employment

Marketing & Advertising


Product Policy


Trade and Investment


contact us
membership info
membership info

Positions & Statements

USCIB Letter to European Commission on “Cookies” and Protection of Privacy in Electronic Communications

March 19, 2002

Mr.  Erkii Liikanen
Commissioner for Enterprise and Information Society
Rue Wiertz
1047 Brussels

Dear Commissioner Liikanen,

Thank you for responding to my letter of October 9, 2001 expressing our general views on the Draft Directive on processing personal data and the protection of privacy in the electronic communications sector (500PC0385).  Although some of our concerns have been addressed in adopted amendments by either the Parliament or Council, several persist.  We encourage you to reconsider the issues mentioned in my first letter.

Following our initial comments to you and Commissioner Bolkestein, an amendment was made to the text requiring web site operators who wish to send cookies to users’ terminal equipment to inform them about it and to give them the right to refuse (opt-out) to receive the cookie or similar devices.  While these obligations are certainly a fair compromise between users’ privacy rights and legitimate business needs, we believe that complying with the obligation to provide notice and information on opting out before the web site operator sends the cookie to the Internet user will interfere with the functionality of the Internet and discourage its usage.

The technical implications of providing the requisite information before the cookie is sent would have a severe impact on consumers’ use and enjoyment of the Internet and web sites. Web sites would have to be reprogrammed to provide for pop-up windows to appear before an Internet page is made accessible to the Internet user, causing unnecessary financial burdens to web site owners and inconvenience and frustration for users.  The impact of this requirement would most severely affect European companies, as non-EU-based web sites would not be subject to this directive and therefore not be forced to compromise their functionality or user-friendliness.

In your response to my letter, you reminded me that the proposed directive is intended to apply the principles of the general 95/46/EC Directive.  However, while Article 7 of 95/46/EC permits data processing on the basis of consent, it does not specify the timing of that consent.  Therefore, to be in accordance with Directive 95/46/EC, it is not necessary for Article 5.3 of the draft directive on the electronic communications sector to require web operators to obtain prior consent. Equally, Article 10 of Directive 95/46/EC, which sets forth the information that must be provided to individuals when private data is collected from them, does not include any reference to the question of when such information must be provided.  We believe that the damaging effects of Article 5.3 as described above would be greatly lessened by requiring the “prompt” provision of information on cookies as opposed to “prior” or “in advance.”  This information could be provided via a company’s privacy policy or home page which describes a web site’s use of cookies and instructs a user on how to configure the available tools, such as a browser, to control processing in relation to cookies.

In addressing cookies in the proposed directive, we encourage you to keep in mind that there are different kinds of cookies, most of which provide for a more user-friendly Internet experience.  By remembering a user’s login name or language preferences or enabling the user to carry out transactions over the Internet more easily, cookies allow users to surf the Internet in a more efficient and personalized way, thus enhancing their on-line experience without infringing on their privacy.  Without these tools, online features such as shopping baskets, personalization, load balancing, and traffic analysis would all be adversely affected, and customer service would surely suffer.  Cookies are also necessary to record a user’s preference not to receive such devices in the future from a web site.  Otherwise, users will have to be presented with the option to refuse cookies on every visit to a web site, even after having opted-out. 

Most importantly, consumers should be aware that this technology also enables web site operators to ensure the safety and security of its users.   Many websites use cookies to verify the identity of a registered user during a transaction to monitor their sites to keep bad actors out.  Without them, online companies would find themselves with no way to combat online fraud, protect intellectual property rights, and prevent ID theft.  Furthermore, consumers should recognize that cookies do not collect personal information on their own.  Rather, to fully take advantage of the personalization and facilitation that cookies provide, a user must enter his or her personal information during a registration or other request for information by the web site.  Finally, many cookies used to monitor aggregate web usage are deleted from the user’s terminal once they log off.

Considering these factors, the proposed directive should ensure that cookies are used for legitimate purposes, as described above, and with the knowledge of the user.  This can be achieved by requiring web operators to include information on their use of cookies and similar devices and how to refuse such devices, if the user so-decides, within their privacy policy or elsewhere on their site. In doing so, web users can be educated and empowered to control what is placed on their computers without sacrificing their privacy or the smooth functioning of the Internet.


Thomas M.T. Niles

cc:  Commissioner F. Bolkestein