10 November 2009

Cookies and Consent

You may have heard some news about cookies, consent and the Council of the European Union in the consideration of the confidentiality of communications. Well, the legislation has been passed and the regulators in each nation have until 26th April 2011 to implement it.

Part of the cover from the new EU legislation relating to cookies and consent showing the words 'European Union', the EU logo and 'European Parliament, Brussels 22 October... PE-CONS367...'

The legislation amending Directive 2002/22/EC on universal service and users' rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws, will require prior consent before cookies are set:

Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, having been provided with clear and comprehensive information, in accordance with Directive 95/46/EC...

What will this mean for authentication and authorisation schemes that use cookies for session management? If the cookies are a mandatory part of what the user is undertaking (i.e. they have requested access to an area that requires authentication), there is an exception:

This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service.

Note that there is no exception for cookies for advertising, web analytics software, security logging, usability testing etc., and it would seem that prior consent will be required for those. Although 2011 may seem a long way off, new applications in development and changes to existing applications should certainly be considering the implications, and owners of existing web applications should be assessing the possible effects and making plans once UK legislation is passed and guidance issued.

Additional discussion:

I don't feel as pessimistic about this as Out-Law seem to be. Perhaps we'll see opt-in services being provided by the advert distribution agencies, rather than by each individual web site.

Posted on: 10 November 2009 at 10:16 hrs
