Regulatory Developments

Last updated: 
6 days 18 hours ago
Blog Manager
Log in to request membershipHide blog description
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Recent members:

Cookie law - time to act?

Wednesday, June 6, 2012 - 10:38

The Information Commissioner managed to greatly raise the profile of the new EU law on cookies last week, warning in a press release that "UK businesses must wake-up" to the forthcoming change. However this alarm bell seems to be a bit early, as the Government admitted that although it does expect to meet the deadline of May 25th for transposing the European Directive into UK law (possibly simply copying the text of the Directive), it will take longer than that to produce guidance available on what businesses actually need to do to comply with it.

The problem is that the Directive requires users to give "consent" before any cookies are placed on their computers, but it has never been clear how this consent should be expressed. When the Directive was passed, some commentators considered that an explicit prompt would need to be given to each user, for example through a pop-up or landing page, whereas others thought that it was sufficient to check whether existing browser preferences permitted the cookie to be loaded. Last week's press release only mentions the latter, "browser-settings" approach, which was also the preferred option in last year's Government consultation on implementing the Directive (see page 57 of the consultation paper). That consultation also distinguished cookies that were "strictly necessary to deliver a service which has been explicitly requested by the user", while also commenting that more information should be provided on how cookies are used.

Until the UK legislation is published and passed, and guidance on implementing it provided, it seems the best thing organisations can do is review what cookies their websites generate (including any third party links or cookies) and consider documenting what benefits they deliver.

[UPDATE] Out-law reports that the Government is indeed "working with browser manufacturers" on a solution

[UPDATE] Jon Warbrick has drawn my attention to a spoof website set up to show what the world might look like under an extreme interpretation of this law (it'll only work if you enable scripts...)

Cookies
ePrivacy Directive
  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo