It's not just lambs that are bouncing around madly this March.
The UK's Information Commissioner's Office (ICO) kindly gave a period of grace to allow organisations to align their operations with the guidance concerning updates to the UK Privacy and Electronic Communications Regulations (PECR). The 26th May 2012 is not far away now.
Although guidance has been available since May 2011, with an update issued in December, it seems many organisations have not done anything, or are unsure what to do, or do not know what is required. In a blog post last week on E-Consultancy.com, the replies to EU Cookie Law: Three Approaches to Compliance give an air of desperation and a feeling that no-one wants to jump first.
Some of the comments are reasoned and practical, but there seems to have been much denial, and a need to place the blame somewhere else (Europe?), instead of proactively complying with the law, and helping individuals to protect their privacy. The comments from Lord Manly, Mike O'Neill, Carlton Jefferis and Russ add some welcome sanity to the hysteria.
Of the three suggestions made in the blog post for gaining compliance, none suggest avoiding the use of tracking technologies. And of course, it isn't just cookies, despite the headlines. As mentioned previously, technologies include:
- HTTP cookies
- Local Shared Objects (LSO) i.e. Flash cookies
- userData in DHTML Behaviors
- data in a Google Gears database
- data in an Indexed Database API
- local data storage in mobile applications
- HTML5 storage
...and anything similar that exists now or in the future.
I think the time to lobby is well past, and the time for action is about to run out. There are services/products that address some of the issues, but to do this properly in a way that covers all similar technologies probably requires building greater consideration of the issues into your own development and change control processes. Post-implementation sticky tape won't really do.
From May 2012, the ICO will be "accepting complaints" from users, and will then contact web site owners to ask them to respond to the complaint and explain what steps they have taken to comply with the regulations.