View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
December 2, 2014

EU data watchdog calls for rules on device fingerprinting

The latest recommendation in the EU’s effort to enforce online privacy regulations.

By Amy-Jo Crowley

The EU’s privacy watchdog has warned website companies that device fingerprinting should be in line with similar data protection rules as web cookies in an ongoing effort to enforce privacy regulations.

The pan-European Article 29 Working Group released a guidance report recommending that device fingerprinting should be bound by the same rules as cookies and only deployed after approval by the user.

A device fingerprint is information collected about internet connected devices, such as smartphone apps, e-book readers and smart meters, for the purpose of tracking activity on the device, the same as with cookies.

The data can be used by web firms in order to gather information on a visitor to their site and then track users over time for ad targeting without their control.

"This Opinion expands upon the earlier Opinion 04/2012 on Cookie Consent Exemption and indicates to third-parties who process device fingerprints which are generated through the gaining of access to or the storing of information on the user’s terminal device that they may only do so with the valid consent of the user (unless an exemption applies)," the WP29 device fingerprinting report said.

The report added that device fingerprinting can also "operate covertly", compared to the use of cookies.

"There are no simple means for users to prevent the activity and there are limited opportunities available to reset or modify any information elements being used to generate the fingerprint. As a result, device fingerprints can be used by third-parties to secretly identify or single out users with the potential to target content or otherwise treat them differently."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
How hackers’ tactics are evolving in an increasingly complex landscape

The UK Information Commissioner’s Office, which installed the cookie rules locally in 2012, also explained that the same rules will apply to device fingerprinting.

"The ICO has always been clear that the law around cookies also applies to similar technologies," said a spokesperson.

"The Article 29 opinion adopted this week, which the ICO played a key role in drafting, confirms that digital fingerprinting can be such a technology.

"Digital fingerprinting can access information stored on a user’s machine in a similar way to a cookie, for a range of purposes. With that in mind, it is sensible to consider that the law can apply to some uses of digital fingerprinting in the same way it does to cookies."

Websites in our network
The New Statesman Press Gazette Spears World of Fine wine Elite Traveler Leadmonitor
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU