One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.


Minister on Cookies and Data Protection

Wednesday, June 6, 2012 - 10:44

I've just spotted a speech given last month to the CBI by Communications Minister, Ed Vaizey, in which he proposes a pragmatic approach to EC law on cookies and Data Protection. On cookies, he describes the provisions in the revised European Telecoms Directives (in particular Article 2(5) of Directive 2009/136/EC) that require user consent as:

"a good example of a well-meaning regulation that will be very difficult to make work in practice. If we get the implementation wrong, it will seriously hamper the smooth running of the internet, and so it’s therefore a provision that should concern the consumer as well."

He confirms (as in the Directive) that consent will not be required for cookies that are "essential for a service requested by the user", specifically mentioning those used to implement shopping carts, and suggests Yahoo's Ad Choices and improved cookie information and controls in browsers as promising approaches to seeking consent for those cookies that are optional.

On the wider issue of data protection, he begins by pointing out that the Internet does not recognise either national or jurisdictional boundaries. He therefore suggests that an international agreement on privacy standards will be better for both consumers and businesses than an approach that focuses on Europe alone, which would cause significant uncertainty and costs for those who wish to use Internet sites (including cloud services) elsewhere in the world. This approach seems more in line with the Council of Ministers' view than that of the European Commissioner.

Finally, there appears to be a suggestion that the UK will implement a requirement to report security breaches affecting personal data more widely than is required by current EC legislation. "Banks" are mentioned as being within scope of this requirement, even though the current e-Privacy Directive only applies to public electronic communications providers. Recital 59 of the Directive expresses an intention to expand the scope of the breach notification requirement in future, so it may be that the UK is simply proposing to do it all in one go.