The law was handed down by the Council of the EU, which is the more powerful of the EU's two legislative bodies and roughly equivalent to the United States Senate. The EU's lower legislative body is called the European Parliament.
Cookies are small packets of data that websites install on users computers to keep track of certain types of data. For example, a website might ask users to choose a certain layout when they first visit the site. After users make the choice, the website would install a cookie on their computers so that they don't have to make it again.
This process typically happens instantly and invisibly, but now all European-based websites will only be able to install cookies after the user "has given his or her consent, having been provided with clear and comprehensive information."
The only exception to this rule kicks in when a user's actions inescapably require the installation of a cookie. For example, online stores use cookies to keep track of users' shopping carts. Those sites will not be required to get consent from visitors before installing cookies.
All 27 EU member states will be forced to apply this new law by April 26, 2011 — a task that online guru Brandon "Fight the Patent" said is most likely impossible.
"Some banners use Javascript, where they could have some cookie tagging, but most browsers block third party cookies," he told XBIZ. "And even so, a popup box to ask for permission to save cookies means nothing, since the browsers work differently."
Brandon added that most adult banners don't use cookies the same way mainstream banners do, and so won't be hit as hard by this new law. But at the same time, affiliate marketers working in Europe may encounter some difficulty because of the large role cookies play in tracking affiliate activity.
"There are greater ramifications then the 'good intentions' of this EU bill," he said.
The law came about in response to bad behavior by a pair of European companies, the advertising and content network Phorm.com, and British Telecom. The two companies collaborated on an ad-targeting test that delved deep into users' private data to get results. The resulting outrage from citizens and privacy advocates sparked the passage of this new law.
But is the law too harsh? Some prominent tech pundits think so. Tech lawyer Struan Robertson edits the blog Out-Law.com, and he called the new law "breathtakingly stupid."
"There has been almost no fuss about this little law, despite the harm it could do to advertising, the lifeblood of online publishing," he said. "It also threatens to irritate all web users by appearing at every new destination like an over-zealous security guard."
Burst Media CEO Jarvis Coffin also criticized the law, arguing that it could force advertisers to ignore European markets.
"Any government's instinct to protect its people is understandable and desirable, including on the matter of Internet privacy, but the EU should carefully consider the extent to which such uncompromising privacy legislation will deprive its constituents of a voice in the New Information era by depriving its enablers, the web publishers, the commercial means to make it heard," he said.
In addition, restricting the installation of cookies would have a direct and immediate effect on how search engines work. Sites like Google and Bing use cookies to track consumers' behavior and deliver relevant results accordingly. Some search engines, including Google, have also experimented with social-networking tools like voting, which would also be affected by this new law.