The EU's Digital Agenda chief warns time is running out for the Web's standards body, W3C, to develop a tool good enough to help users protect their data against commercial interests.
It's not easy for companies to make money online - the number of people willing to pay for an online subscription remains relatively low.
Many internet companies, including newspapers, still tend to rely on people's clicks on ads to make their money.
The more targeted the ad, the more advertisers are willing to pay. And in order to target an ad, they use tracking tools, such as cookies.
Each time you click on an ad, or "like" something on Facebook, or read a particular newspaper article - your clicks are being converted into valuable consumer data.
But privacy-friendly regulators like the EU Commissioner for the Digital Agenda Neelie Kroes want it to be standard that users have to first give their consent before companies can collect and make use of any such personal data.
Kroes has, however, grown increasingly frustrated the World Wide Web Consortium (W3C), a Web standards body made up of 50 blue chip companies and some data privacy experts.
She had tasked the W3C with developing an improved "Do Not Track" (DNT) tool to prevent companies from collecting data on Web users without consent - but now says it's dragging its heels.
Consent is required
On her blog, Kroes explains the idea behind DNT in the following way:
"If you log in to a web service, the cookie that remembers that you are logged in is fine - and indeed this makes our lives a whole lot easier online. But a cookie that is used to build a profile of what you are doing online is less OK: it might mean that your web surfing over time (searches, web pages visited, the content viewed, etc.) is tracked, for example, in order to match ads against your interests as determined from the profile. The use of such cookies requires your consent."
Kroes had set the W3C a deadline of June to agree on new tracking standards. But they missed that deadline.
Finally, in early October, the W3C presented its draft for the DNT. But regulators were left disappointed - and Kroes was angry.
This Thursday (11.10.2012), Kroes accused the main players of watering down the tool.
"Let me be frank: standardization work is not going according to plan," she said in a speech to business representatives in Brussels. "In fact, I am increasingly concerned about the delay and about the turn taken by the discussions hosted by the W3C."
Issues left open
Germany's highest data protection authority agrees that progress is weak.
"The W3C's draft left several issues open, including the definition of first-party cookies," said the federal data protection commission in a written statement to DW. [Editor: first-party cookies are set with the same domain as the one you're visiting and are often used to enhance the user experience.]
Jon Leibowitz, chairman of the US Federal Trade Commission, goes further, describing the W3C's draft on DNT as "a loophole you could drive a virtual truck through."
The draft suggests first-parties could be exempt from the DNT rule to guarantee users continue to experience a smooth time on the Web. But Germany's data protection commission warns the exemption should not include cookies from marketing companies.
Some companies like Microsoft have embraced DNT. The software and hardware maker has implemented DNT as the default setting on its web browser, Internet Explorer.
Kroes has welcomed Microsoft's initiative - and that of other companies - but still wants DNT to become universal practice.
"Online privacy and online business need to go hand in hand. Privacy is a fundamental right, if your idea doesn't work with that, it won't work at all. People won't use what they don't trust," says Kroes. "And they will stop using what they learn to distrust. If that happens, online businesses miss out on a huge opportunity of new and bigger markets."
Almost the final warning
A DNT standard is due to be adopted by January 2013.
But advertising companies are seen as a strong lobby within the W3C, and Germany's data protection commission is worried, saying "the tool will probably fail to meet requirements set out by EU rules."
Meanwhile, colleagues close to Kroes say her patience is wearing thin.
It is said she would prefer to achieve her goal of a working DNT through communication with the W3C.
However, if things continue the way they are now, her office has suggested that the final resort could be to change the EU's ePrivacy directive.
The directive is designed to help consumers become aware of the ways in which their data is collected online. It calls on website operators to obtain permission from users before they store or retrieve any personal data.
Currently, only national regulators can fine companies that flout the rules.
But DW has been told the directive could be changed to allow the European Commission to impose its own fines.