Regulatory Developments

Last updated: 
3 months 2 weeks ago
Blog Manager
Log in to request membershipHide blog description
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Recent members:

New EC Cookie Law?

Wednesday, June 6, 2012 - 09:42

Considerable concern has been expressed about the news that it has apparently been agreed to change European law on cookies as part of the revision of the Telecoms Directives.

The current law on cookies is contained in Article 5 of the Directive on Privacy and Electronic Communications (2002/58/EC) and Regulation 6 of the UK's matching Privacy and Electronic Communications Regulations 2003. Those require that whenever cookies are stored and accessed, the user must "[be] provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and [be] given the opportunity to refuse the storage of or access to that information". The Information Commissioner's Good Practice Note suggests that this can be done by providing information as part of the site's privacy policy and allowing users to refuse continued processing once they are on a site, in  other words informing visitors and then allowing them to opt out of cookies.

However a new text - apparently already accepted by the European Parliament, Commission and Council of Ministers - would change the law to require the information and opportunity to refuse to be provided before any cookies are stored in a browser.This appears to be a well-intentioned attempt to improve privacy protection, but since cookies are now very widely used by websites, commentators have raised visions of every website being preceded by a "may we use cookies?" landing page or hidden behind a fog of permission-seeking pop-ups, with the resulting collapse of the advert-funded business model.

Two facts may mean that things aren't quite that bad.

First, both the old and new texts recognise that some cookies are "strictly necessary" to provide the service that the user wants. Shopping cart cookies are the most obvious example. These cookies are, and will continue to be, exempt from the right to refuse - the only way to refuse these cookies is not to use the service.

Second, EC Directives need to be transposed into UK law, and commentators have expressed the hope that what emerges from this may be a more practical requirement, supported by pragmatic guidance from the Information Commissioner. Most Directives give member states 18 months to transpose the EC requirement into national law, so there are likely to be some interesting discussions between now and 2011.

Cookies
Privacy
ePrivacy Directive
  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo