Regulatory Developments

Last updated: 
2 months 3 days ago
Blog Manager
Log in to request membershipHide blog description
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Recent members:

Article 29 Working Party supports Do Not Track for cookies

Wednesday, June 6, 2012 - 11:22

Data Guidance reports that the Article 29 Working Party have agreed with the Commission that the World Wide Web Consortium (W3C)’s Do Not Track proposals are “one of the most promising initiatives” to make behavioural advertising comply with European laws on data protection and cookies.

In the past the Working Party has said that proposals from the advertising industry that relied on icons to inform users about tracking behaviour were not compliant. Their most recent letter confirms that a compliant solution must first obtain the user’s active and informed agreement to tracking and that users who have not agreed must neither be shown adverts nor have their browsing patterns collected in order to inform the adverts shown to others.

The WP 29 is of the opinion that a global DNT mechanism could be a very efficient way to deal with user consent for the tracking of their web surfing behaviour across different websites.

However, such consent can only be provided if users of all browsers have made an active and informed choice to allow or disallow the tracking. Such a choice could be offered in a manner similar to the browser selection tool in an operating system.

It seems the Working Party envisage that a computer or browser would ask for DNT preferences when it is first run (as, following European enforcement action, Microsoft operating systems now ask the user which Internet browser they want to use). That is at least better than there being pop-ups on every website, but I still wonder how granular such a choice system could be – would it allow me to contribute to analytics on one site but not another, for example – and what happens to cookies or advertising networks that don’t make it onto the first page of the choice screen?

Also (unlike descriptive icons) any system that relies on particular features in a browser is going to take a long time to become generally useful. Presumably a site will have to treat a browser that doesn’t support DNT, or whose user decided to ignore the selection screen, as having chosen not to be tracked. The W3C is planning to publish a recommendation in June, so even the first compliant browsers and servers aren’t likely to appear till some time after that. In the UK the Information Commissioner is planning to begin enforcing the cookie law in May, and has already said that sites can’t assume users have the most recent browsers, so those timescales don’t seem to match.

Cookies
Privacy
ePrivacy Directive
  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo