Cookie Law – How to meet the deadline for compliance: The Legal Context


James Milligan, Solicitor with the DMA, provides an overview of the legal context for webmasters seeking to comply with the new cookie law.

©James Milligan, DMA 2012

Published in: Technology, Business

  1. Cookie Law – How to meet the deadline for compliance: The Legal Context. James Milligan, DMA Solicitor. CIVIC, 18 January 2011
  2. Outline: 1) New cookie law 2) European Issues
  3. New Cookie Law – Privacy and Electronic Communications (Amendment) Regulations 2011
  4. New Cookie Law
       • What’s changed?
       • Strictly necessary exemption
       • When will new rules be enforced?
       • Is browser software the magic fix?
       • Some outstanding issues
       • What should you be doing now?
       • How to obtain consent
       • Some examples of how to comply
       • Key compliance issues
       • ICO Half Term Report
       • Future developments
  5. 1) What’s changed?
       • Consent on an opt-in basis to store, retrieve and use information on a user’s PC through cookies or gifs
       • Consent – freely given, specific and informed
       • Old rules – inform users and opt-out offered
  6. 2) Strictly necessary exemption
       • Strictly necessary
       • Provision of a service
       • Provided at the request of the user
       • Users do not have to opt in to use of cookies
       • Best practice – given information about use of cookies
       • Narrow interpretation
  7. 3) When will new rules be enforced?
       • ICO soft enforcement until May 2012
       • Websites deliberately misleading
       • ICO new enforcement powers
       • Post May 2012 ICO hard enforcement
       • Complaint driven action
       • Working towards compliance
  8. 4) Is browser software the magic fix?
       • Unlikely to issue new versions by May 2012
       • Problem of old versions still being used
       • Allow consumers to make decisions because of default settings before they reach your page
       • Can default settings be overridden on a case by case basis?
  9. 5) Some outstanding issues
       • Third party cookies/online behavioural advertising
       • Self regulatory pan-European initiative
       • DMA involved in UK implementation
       • European data protection commissioners lukewarm
       • Mobile
  10. 6) What should you be doing now?
       • Identify existing use of cookies
       • Identify different types of cookies used on your website and grade according to level of intrusiveness
       • Identify whether any might be strictly necessary
       • Work out a compliance plan – deal with intrusive ones first
       • Think about your options for gaining consent – effort / risk
       • Summary – audit, prioritise, review
  11. 7) How to obtain consent
       • Amend your privacy policy/terms and conditions
       • Visually map customer journey through your website – look at touch points where you gain consent
       • Consider landing page where you get consent
       • Statement on email footers
       • Separate cookie policy
       • Make it easy for users to understand – DMA involved in ICC Common Language
  12. 8) Some examples
       • ICO approach
  13. 8) Some examples
       • 2) DCMS approach
       • Simple approach for Google Analytics cookies
  14. 9) Key Compliance Issues
       • Legislation is technologically neutral
       • Transparency and consumer education
       • Comply with the spirit of the legislation
       • Responsibility for compliance lies with organisation deploying cookies
  15. 10) ICO Half Term Report Dec 2011
       • Could do better/Must try harder
       • Use existing methods for getting consent online
       • Quick wins
       • Cookie/Privacy policy – clear and visible
  16. 10) ICO Half Term Report Dec 2011
       • Ideas – cookie management tools/banners/buttons
       • ICO can’t endorse specific products/services
       • Might not take you all the way to full compliance
       • Collaboration at industry and sector level
  17. 10) ICO Half Term Report Dec 2011
       • Possible enforcement action
       • Is my website doing anything that my users don’t know about?
       • Am I confident that I am giving them appropriate options?
            • Not using cookies
            • Registered Users – what about others?
            • Consumer education
  18. 11) Future developments
       • Remember compliance is an ongoing issue – cookies will be added and removed from your organisation’s website
       • May 2012 is fast approaching,
  19. European Issues
  20. European Issues
       • European Data Protection Directive Review
       • Cloud computing
       • Council of Europe Data Protection Convention Review
  21. Thank you and Questions
       • James Milligan, DMA Solicitor, The Direct Marketing Association (UK) Ltd. Tel: 020 7291 3347. Email: [email_address]
       • DMA Legal Advice. Tel: 020 7291 3360. Email: [email_address]