View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
December 2, 2014

EU data watchdog calls for rules on device fingerprinting

The latest recommendation in the EU’s effort to enforce online privacy regulations.


The EU’s privacy watchdog has warned website companies that device fingerprinting should be in line with similar data protection rules as web cookies in an ongoing effort to enforce privacy regulations.

The pan-European Article 29 Working Group released a guidance report recommending that device fingerprinting should be bound by the same rules as cookies and only deployed after approval by the user.

A device fingerprint is information collected about internet connected devices, such as smartphone apps, e-book readers and smart meters, for the purpose of tracking activity on the device, the same as with cookies.

The data can be used by web firms in order to gather information on a visitor to their site and then track users over time for ad targeting without their control.

"This Opinion expands upon the earlier Opinion 04/2012 on Cookie Consent Exemption and indicates to third-parties who process device fingerprints which are generated through the gaining of access to or the storing of information on the user’s terminal device that they may only do so with the valid consent of the user (unless an exemption applies)," the WP29 device fingerprinting report said.

The report added that device fingerprinting can also "operate covertly", compared to the use of cookies.

"There are no simple means for users to prevent the activity and there are limited opportunities available to reset or modify any information elements being used to generate the fingerprint. As a result, device fingerprints can be used by third-parties to secretly identify or single out users with the potential to target content or otherwise treat them differently."

Content from our partners
How to combat the rise in cyberattacks
Why email is still the number one threat vector
Why HR must take firm steps to become a more data-driven function

The UK Information Commissioner’s Office, which installed the cookie rules locally in 2012, also explained that the same rules will apply to device fingerprinting.

"The ICO has always been clear that the law around cookies also applies to similar technologies," said a spokesperson.

"The Article 29 opinion adopted this week, which the ICO played a key role in drafting, confirms that digital fingerprinting can be such a technology.

"Digital fingerprinting can access information stored on a user’s machine in a similar way to a cookie, for a range of purposes. With that in mind, it is sensible to consider that the law can apply to some uses of digital fingerprinting in the same way it does to cookies."

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy