For best experience please turn on javascript and use a modern browser!
Bekijk de site in het Nederlands

To better protect the privacy of internet users, policymakers should rely less on the concept of informed consent. Users, for example, barely read consent requests for cookies. A combined approach of protecting and empowering the individual is needed. This is the conclusion of research conducted by Frederik Zuiderveen Borgesius, who will receive his doctorate from the University of Amsterdam (UvA) on 17 December.

Koekiesmonster uit Sesamstraat
Photo: Flickr, Surlan Soosay

Borgesius studied how policymakers can improve privacy protection in the area of behavioural targeting. This marketing technique involves tracking people’s online behaviour to use the collected information to show people individually targeted advertisements. Many people view behaviour targeting as a violation of privacy.

Borgesius: ‘We urgently need better protection for internet users. Behavioural studies have shown that the system of informed consent is fraught with difficulties. Virtually no one reads privacy statements or consent requests. People tend to click OK to almost any request they see pop up on their screens. We can hardly expect users to read every request they come across onlin; it would take people several weeks per year if they read the privacy policy of every website they visit.’

Moreover, people often have no real choice. For example, websites can install cookie walls or tracking walls. Borgesius gives the example of the website of the Dutch public broadcasting organisation, which denied access to visitors who did not accept the tracking cookies of dozens of marketing companies.

Focus on protection

To improve privacy protection, Borgesius argues for a combined approach of protecting and empowering the individual. Compared to the current approach, the focus should be more on protection.

Borgesius: ‘Under current privacy law, a user's consent does not give companies complete freedom to use personal information however they like. Even if a user has consented to data processing, a company must still comply with all the other requirements of privacy law.’ While stricter enforcement of the current rules would be a good first step, more will probably be required to improve privacy protection.

Borgesius calls for a broader discussion on the issue of internet privacy. Which uses of personal data do we as a society consider acceptable and which unacceptable? For example, is it acceptable that virtually all online news sources register the reading behaviour of users? There may be an argument for prohibiting data collection outright in certain contexts.

‘For example, tracking walls should be banned in certain cases. The proposal to amend the Dutch Telecommunications Act is a move in the right direction, as it would make it illegal for public sector websites to use tracking walls. Striking the right balance between protecting users' privacy and undue paternalism is not simple, but policymakers shouldn't avoid difficult choices.’


Mr F.J. Zuiderveen Borgesius: Improving Privacy Protection in the Area of Behavioural Targeting. Supervisor: Prof. N.A.N.M. van Eijk.

Time and location

The doctoral thesis defence ceremony will take place on Wednesday, 17 December at 14:00. Location: Agnietenkapel, Oudezijds Voorburgwal 231, Amsterdam.