Saturday, 21st April 2012 at 9:15am
Is your website ready to meet the new data protection rules that come into force on 26th May?
If you run cookies on your website to track and store information about users then from 26th May you will need their permission or you may be in breach of new EU legislation.
The only exception to this rule, according to the Information Commissioner's Office (ICO), is “if what you are doing is strictly necessary for a service requested by the user.” This exception is a narrow one but might apply, for example, to a cookie you use to ensure that when a user of your site has chosen the goods they wish to buy and clicks the ‘add to basket’ or ‘proceed to checkout’ button, your site ‘remembers’ what they chose on a previous page. You would not need to get consent for this type of activity.
How you gain this approval is the next challenge. If you visit the ICO's website you will see that they now ask you the following question:
'The ICO would like to place cookies on your computer to help us make this website better. To find out more about the cookies, see our privacy notice.'
'I accept cookies from this site'
Many sites will be able to ask a specific question when users register for a service or for locked-off content; however, others will also need to ask similar questions so as not to be in breach of the legislation.
The ICO has issued a guidance document on this subject which you can download below.
advice_on_the_new_cookies_regulations.pdf (122 kb)
Sunday, 26th June 2011 at 6:51am
From 25 May, European law dictates that "explicit consent" must be gathered from web users who are being tracked via text files called "cookies".
However, all is not lost. The Directive says that it may be possible for a user's consent to be provided by their use of appropriate browser settings.
“…Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities.”
Directive page L 337/20, paragraph 66
This may appear to be good news; however, not everyone will visit a web site through a browser that allows these settings to be adapted, for example those browsing on a mobile phone or with older versions of browsers.
In an attempt to help businesses in the UK to prepare for and comply with the EU Directive, the Information Commissioner’s Office (ICO) has issued guidance, aligning UK law with the EU Directive in the belief that a browser setting signifies consent.
“(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.”
In addition, the ICO explains that those cookies that are “strictly necessary” to providing a service are exempt from the new rules. The ICO also adds;
The BBC has recently reported: “The government has formed a working group with browser manufacturers to see if a browser-based solution to the issue can be found. Microsoft’s IE9 and the latest version of Mozilla’s Firefox already offer a setting to protect users from services which collect and harvest browser data and Google is working at integrating so-called ‘Do Not Track’ technologies into their Chrome browser. As part of its work to comply with the directive, the IAB has created a site that explains how behavioural advertising works and lets people opt out of it.”
Disclaimer: The Think Tank is not a legal adviser and is only commenting upon this subject. We do not accept any liability for any actions taken upon the information contained in this article.