Feb 18, 2011 17:51 GMT  ·  By

The European Union's information security agency, ENISA, expresses concern about the increasing use of persistent cookies by Internet advertisers, and call for better control and transparency.

The European Network and Information Security Agency (ENISA), has published a report on what it calls "bittersweet cookies," a more powerful and persistent type of cookies used for marketing practices.

The agency notes that HTTP cookies were initially created for facilitating browser-server interaction and solving other legitimate technical problems.

However, their originally intended purpose has been altered by the advertising industry and are now not only being used for non-standard actions like profiling and tracking, but have become harder to remove and manage.

ENISA calls for actions to be taken to limit the impact these persistent cookies have on people's online privacy and security.

It stresses that any system that relies on cookies should be designed with "informed consent" in mind and users should be fully aware of the data stored in them.

Furthermore, it asks for particularly new types of cookies to be easily manageable via user-friendly mechanisms and for cookie storage outside of the browser to be limited or prohibited.

"Much work is needed to make these next-generation cookies as transparent and user-controlled as regular HTTP cookies, to safeguard the privacy and security aspects of consumers and business alike," said ENISA's Executive Director, Prof. Udo Helmbrecht.

Alternative cookies have become a growing concern ever since large corporations were caught tracking visitors on their websites through Flash Local Shared Objects (LSO).

A class action lawsuit has been filed against Walt Disney Internet Group, Warner Bros. Records, Ustream and other companies, for engaging in such actions.

IAB Europe, the group representing the European advertising industry, has condemned the practice of using LSOs or other alternative storage locations to re-spawn cookies.

"Companies must respect users’ choices. In the connected internet, where web sites collaborate with many third parties, such illegal practices pose a problem not only for one sector but for the entire online industry," the industry association said.