This document provides guidance on European cookie law and how to comply with the regulations on cookies. It explains that the European Data Protection Directive of 1995 and the UK Data Protection Act 1998 established data protection law, and that non-compliance can result in penalties of up to £500,000. It recommends auditing a website's use of cookies, informing visitors about its cookie policy, and relying on implied or explicit consent depending on the situation. The document gives examples of compliance techniques, such as Do Not Track and pop-up notifications, and covers the debate around the cookie law regulations.
4. Data Protection
European Directive of 1995
Data Protection Act of 1998
Update of DPA of 2003
http://en.wikipedia.org/wiki/Data_Protection_Act_1998
5. Regulation of Data Protection
Information Commissioner's Office
http://www.ico.gov.uk
Data Controllers
http://www.ico.gov.uk/ESDWebPages/search.asp
6. Origins
The Privacy and Electronic Communications
Regulations 2003
Directive 2009/136/EC (especially its amendment of
Article 5(3) of the e-Privacy Directive, 2002/58/EC)
All EC member states had until 25 May 2011 to
transpose it.
The UK transposed it on 25 May 2011
8. Why should I care?
That is a simple question, and it has a simple
answer:
Penalties can go up to £500,000
9. The Law in Summary
Applies to anything that runs on a user's device
Applies to any action of storing and/or retrieving
information on that device
Requires informed consent
10. The ICO Recommendations
Implied consent (ic) is acceptable
Users must be very well informed (especially if relying on ic)
Simple and direct "Cookie Policies"
Explicit consent (in certain cases)
Those are tasty cookies, but we are referring to browser cookies, sort of... So what are they, and why a law about them?
Regulation of the registration and processing of personal data became UK law in 1998 (the Data Protection Act 1998).
Implementing European Directive 2002/58/EC: the e-Privacy Directive mandates requesting consent before storing data on, or accessing data from, a user's device.
"The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011" were introduced in the UK on 25 May 2011 and were soon nicknamed "The Cookie (monster) Law".
"Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies."
"If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent."
"You should not rely on the fact that users might have read a privacy policy that is perhaps hard to find or difficult to understand."
"In some circumstances, for example where you are collecting sensitive personal data such as health information, you might feel that explicit consent is more appropriate."
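The ICO guidance above says what counts as consent but not how a site enforces it. The following is an added example, not part of the original slides or of any ICO material: a small JavaScript consent gate that refuses to write non-essential cookies until some level of consent has been recorded, and requires explicit consent for the sensitive category the ICO singles out. The category names, the "essential" exemption for cookies the site cannot function without, and the two consent levels are assumptions of this example. The cookie sink is injected so the code runs outside a browser; in a page it would write document.cookie.

```javascript
// Added example (not from the original slides): a consent gate that decides,
// per cookie category, whether a cookie may be written yet.

// Assumed consent levels, ordered from weakest to strongest.
const LEVEL = { none: 0, implied: 1, explicit: 2 };

// Assumed categories. "essential" models cookies the site cannot work without;
// "sensitive" models the health-data case the ICO says warrants explicit consent.
const CATEGORIES = {
  essential: "none",
  analytics: "implied",
  sensitive: "explicit",
};

// Conservative subset of RFC 6265 cookie-name characters.
const COOKIE_NAME = /^[A-Za-z0-9_-]+$/;

function serializeCookie(name, value, opts = {}) {
  if (!COOKIE_NAME.test(name)) throw new Error(`invalid cookie name: ${name}`);
  let header = `${name}=${encodeURIComponent(value)}; Path=${opts.path || "/"}`;
  if (opts.maxAge !== undefined) header += `; Max-Age=${opts.maxAge}`;
  // Hardening defaults unrelated to consent but cheap to get right here.
  header += "; SameSite=Lax";
  if (opts.secure !== false) header += "; Secure";
  return header;
}

// writeCookie is injected so the gate can run outside a browser; in a page,
// pass h => { document.cookie = h; }.
function createConsentGate(writeCookie) {
  let consent = "none";
  const blocked = [];

  return {
    // Call after the visitor has seen a clear notice and carried on browsing.
    recordImpliedConsent() {
      if (LEVEL[consent] < LEVEL.implied) consent = "implied";
    },
    // Call when the visitor actively opts in (tick box, "accept" button).
    recordExplicitConsent() {
      consent = "explicit";
    },
    consentLevel() {
      return consent;
    },
    blockedCookies() {
      return blocked.slice();
    },
    // Returns true if the cookie was written, false if held back pending consent.
    setCookie(name, value, category, opts) {
      const needed = CATEGORIES[category];
      if (needed === undefined) throw new Error(`unknown cookie category: ${category}`);
      if (LEVEL[consent] < LEVEL[needed]) {
        blocked.push({ name, category, needed });
        return false;
      }
      writeCookie(serializeCookie(name, value, opts));
      return true;
    },
  };
}

// Walk through the three consent states with a constructed cookie jar.
function demo() {
  const jar = [];
  const gate = createConsentGate(h => jar.push(h));
  gate.setCookie("session", "abc123", "essential");        // written: exempt
  gate.setCookie("_ga", "GA1.2.1", "analytics");           // blocked: no consent yet
  gate.recordImpliedConsent();
  gate.setCookie("_ga", "GA1.2.1", "analytics");           // written: implied is enough
  gate.setCookie("health_pref", "diabetic", "sensitive");  // blocked: needs explicit
  gate.recordExplicitConsent();
  gate.setCookie("health_pref", "diabetic", "sensitive");  // written
  return { jar, blocked: gate.blockedCookies(), level: gate.consentLevel() };
}
```

The gate records what it held back, which is useful during the cookie audit the page recommends: anything that turns up in blockedCookies() is a cookie the site tried to set before it had the consent it needed.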