Data Protection webinar:The new cookie law In association with18 April 2012
Programme∗ Introductions∗ What the law says∗ Will the law be enforced?∗ What we need to do ∗ Assess the problem ∗ Provide information ∗ Ask for consent?
This presentation is intended to help youunderstand aspects of the Privacy & ElectronicCommunications (EC Directive) (Amendment)Regulations 2011 and related legislation.It is not intended to provide detailed advice onspecific points, and is not necessarily a fullstatement of the law.
Where we are so far∗ Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 came into force on 26th May 2011∗ Information Commissioner announced a year’s grace before enforcement action would be taken∗ Information Commissioner issued guidance in December 2011
What the Regulations say∗ You must not store information (e.g. through a cookie) on someone else’s computer unless: ∗ they have clear information about the purpose; and ∗ they have given consent∗ You only have to ask them the first time∗ They can consent through browser settings (but …)∗ You don’t need consent for cookies that are ‘strictly necessary’ for the functioning of a website
What the Information Commissioner says∗ He wants ‘good solutions rather than rushed ones’.∗ No ‘wave of knee-jerk formal enforcement action’ as long as people are making the effort to comply.∗ There are ‘pockets of good practice’ and while he ‘cannot endorse specific products or services’, there are ‘people going about this the right way’.∗ Analytics cookies are covered, but not a priority.
What do we need to do?∗ Document what cookies we have∗ Assess how intrusive they are∗ Decide whether we really need them all∗ Provide appropriate information ∗ In the privacy statement ∗ At appropriate points on the website∗ Decide what we need consent for and how to get it∗ Work out how people can withdraw consent
Thank you∗ Slides and links to other material will be circulated by e-mail shortly∗ Follow-up questions welcome: firstname.lastname@example.org∗ More webinars on topics related to Data Protection: www.paulticher.com/webinars/