Although the world did not come to the end on Saturday, as one millennial group had predicted, some in Europe worry that the end is near for European Internet start-ups when the new EU cookie directive goes into effect on May 25, 2011.  The concern is that European-based web sites will become littered with pop-up windows seeking consent to the use of cookies, while sites in the U.S. will continue benefit from cookies without having to get a user’s express consent for every cookies placed on a user’s machine.

And while European-based web sites fear they will bear the brunt of enforcement, U.S.-based website with users in Europe are potentially subject to these rules.

Website operators install cookies (small digital files) on user’s computers to store and retrieve information on a user’s activity on the site.  Cookies are an important tool for measuring the appeal of content, improving user services and targeting advertising.   Traditionally, website operators have disclosed their use of cookies on their website privacy policy.  Users were deemed to consent to having cookies installed on their computer in accordance with this posted policy.   As the UK Information Commissioners Office (“ICO”) has explained in recently-issued Guidance, this passive consent is no longer generally permitted under the new EU rules.  With certain limited exceptions, a user must affirmatively “opt in” to accepting cookies before a website can install cookies (or any similar file) on a user’s computer.

The potential fines for violation of the EU cookies rule are high – up to £500,000 in the UK – but it is unclear whether or when EU authorities will commence enforcement of this new rule.  The ICO has said it will delay enforcement to give website operators the time to adjust their practices.  The ICO has also held out the possibility that the ultimate solution will be more advanced web browser technology.  The ICO advocates widespread adoption of web browsers that give users more control over the types of cookies that they allow to be placed on their computer.  But until this technological solution arrives, website operators with users in Europe must confront the question of how and how soon they will bring their sites into compliance with the EU directive.