The Economic Cost of the European Union's Cookie Notification Policy

The EU's HTTP Cookie Notification Policy is costing Europe $2.3 billion a year and needs to go.

In 2009, the European Union sought to regulate HTTP cookies—small text files are sent from a website and stored in a user’s web browser while the user is browsing that website—as part of their “e-Privacy” Directive, forcing all European websites to not only post their cookie policies, but also to seek the consent of each visiting user for the use of those cookies. This report finds that the total annual cost of this law is $2.3 billion dollars per year. This figure includes both compliance costs for European website operators and productivity costs. Given these costs and the law’s limited demonstrated benefits, European policymakers should abolish this largely symbolic “feel good” law for the sake of the European digital economy.

This report explores how not only is the EU privacy directive’s cookie policy costly, it also offers little to no benefits for EU citizens. In fact, by raising costs for website operators, it reduces the revenue available to develop quality online content and services for consumers. By requiring websites to notify users of all HTTP cookies, the policy may discourage many uncontroversial uses of cookies such as personalization which improve users’ online experiences. This policy also ignores that even when cookies are used to deliver targeted advertising, this largely benefits consumers with better ads and website owners with higher revenue they can use to provide higher quality consumer experiences. Additionally, users have filed few complaints about how websites are using cookies. The UK’s ICO received only 38 complaints regarding cookies between April and June of 2014, comparable to 9,000 complaints for automated sales calls during the same period. Answer ing this trifling number of complaints is not worth the law’s financial burden given the fact that the ICO also has noted that the majority of cookie complaints are “vexatious, personal, and time wasting.”

Several European Union and member state policymakers have begun looking at the cost-benefit analysis of this law a few years after its original implementation. As the European Union and its member states begin to revisit the e-Privacy directive, they should recognize that continuing to implement this cookie law is costly both to economic productivity and individual European websites. Furthermore, if the ICO’s experience is any sign of this law’s public mandate, it is unwanted in Europe as well. The European Union should act expeditiously to rollback this burdensome directive for the good of its digital economy and the ease of web surfing of its citizens.