15 April 2011

EU Cookie Deadline Approaching

The 25th May is the deadline for implementing changes to the EU Privacy and Electronic Communications Directive. Organisations need to make efforts to comply with the regulations.

The changes mean organisations have to obtain consent from visitors (consumers) to their web sites in order to store on and retrieve usage information from users' computers. Whilst this is aimed at tracking cookies (e.g. behavioural advertising, site personalisation, remember-me functionality), the effect on cookies used for session management and tracking to defend privacy & security is not clear.

While the roll out of this new law will be a challenge, it will have positive benefits as it will give people more choice and control over what information businesses and other organisations can store on and access from consumers' own computers.

But what to do? Self regulation guidelines have just been issued by IAB Europe, the trade body for the European online advertising industry, but this pre-empts formal guidance. The Department for Culture, Media and Sport (DCMS) is leading on implementing the new measures in the UK while the Information Commissioner's Office (ICO) will be responsible for regulation, but the guidance is not expected until after the 25 May deadline. Part of this delay is likely to be due to wanting a joined up approach with the US Federal Trade Commission (FTC) who have been consulting on similar measures, and received a large amount of feedback. DCMS commissioned a report on regulation of internet cookies and this contains much useful information, but doesn't give any firm clues about what the guidance will be.

In the meantime, I would recommend organisation undertake the following steps if they don't already have this information:

  1. Identify all their web sites and applications.
  2. Determine which of these are accessed by consumers.
  3. Create a schedule of all the cookies created or used, including cookies from third-party content hosted on the site (e.g. analytics, advertising, widgets, code libraries).
  4. Detail other functionality which collects or stores information about users.

Then await for announcements from the DCMS and ICO.

Update today: The government's summary and response to its own consultation was published today after this item was posted. This confirms (see paragraphs 305-326) a non-prescriptive approach, that is not expected to affect the use of cookies strictly necessary for the provision of a service specifically requested by a user (e.g. session identifier, or a shopping basket). In addition, due to need for future phased implementation of technical solutions, it does not expect the ICO to take any enforcement action against organisations who are at least making some efforts to comply.

Posted on: 15 April 2011 at 08:10 hrs

Comments Comments (0) | Permalink | Send Send | Post to Twitter

Comments

Comments are filtered automatically and should appear shortly after they been checked.

Post a comment
Confirm acceptance and understanding of the terms of use
New posts to this thread will be sent to your email address
EU Cookie Deadline Approaching
http://www.clerkendweller.com/2011/4/15/EU-Cookie-Deadline-Approaching
ISO/IEC 18004:2006 QR code for http://clerkendweller.com

Page http://www.clerkendweller.com/2011/4/15/EU-Cookie-Deadline-Approaching
Requested by 38.107.179.222 on Thursday, 17 May 2012 at 22:55 hrs (London date/time)

Please read our terms of use and obtain professional advice before undertaking any actions based on the opinions, suggestions and generic guidance presented here. Your organisation's situation will be unique and all practices and controls need to be assessed with consideration of your own business context.

Terms of use http://www.clerkendweller.com/page/terms
Privacy statement http://www.clerkendweller.com/page/privacy
© 2011-2012 clerkendweller.com