Cookie Law – How to meet the deadline for compliance: The Legal Context

James Milligan, Solicitor with the DMA, provides an overview of the legal context for webmasters seeking to comply with the new cookie law. © James Milligan, DMA 2012

Cookie Law – How to meet the deadline for compliance

The Legal Context

James Milligan

DMA Solicitor

CIVIC 18 January 2011

Outline

1) New cookie law

2) European Issues

New Cookie Law – Privacy and Electronic Communications (Amendment) Regulations 2011

New Cookie Law

1) What’s changed?

2) Strictly necessary exemption

3) When will new rules be enforced?

4) Is browser software the magic fix?

5) Some outstanding issues

6) What should you be doing now?

7) How to obtain consent

8) Some examples of how to comply

9) Key compliance issues

10) ICO Half Term Report

11) Future developments

1) What’s changed?

• Consent on an opt-in basis to store, retrieve and use information on a user's PC through cookies or gifs.

• Consent – freely given specific and informed

• Old rules - inform users and opt-out offered

2) Strictly necessary exemption

1. Strictly necessary

2. Provision of a service

3. Provided at the request of the user

• Users do not have to opt in to use of cookies

• Best practice - given information about use of cookies

• Narrow interpretation

3) When will new rules be enforced?

• ICO soft enforcement until May 2012

• Websites deliberately misleading

• ICO new enforcement powers

• Post May 2012 ICO hard enforcement

• Complaint driven action

• Working towards compliance

4) Is browser software the magic fix?

• Unlikely to issue new versions by May 2012

• Problem of old versions still being used

• Allow consumers to make decisions because of default settings before they reach your page

• Can default settings be overridden on a case by case basis?

5) Some outstanding issues

• Third party cookies/online behavioural advertising

• Self regulatory pan-European initiative

• DMA involved in UK implementation

• European data protection commissioners lukewarm

• Mobile

6) What should you be doing now?

1) Identify existing use of cookies

2) Identify different types of cookies used on your website and grade according to level of intrusiveness

3) Identify whether any might be strictly necessary

4) Work out a compliance plan – deal with intrusive ones first

5) Think about your options for gaining consent – effort / risk

6) Summary - audit, prioritise, review

7) How to obtain consent

1) Amend your privacy policy/terms and conditions

2) Visually map customer journey through your website – look at touch points where you gain consent

3) Consider landing page where you get consent

4) Statement on email footers

5) Separate cookie policy

6) Make it easy for users to understand – DMA involved in ICC Common Language

8) Some examples

1) ICO approach

2) DCMS approach

• http://www.culture.gov.uk/4902.aspx

• Simple approach for Google analytics cookies

9) Key Compliance Issues

1) Legislation is technologically neutral

2) Transparency and consumer education

3) Comply with the spirit of the legislation

4) Responsibility for compliance lies with organisation deploying cookies

10) ICO Half Term Report Dec 2011

1) Could do better/Must try harder

2) Use existing methods for getting consent online

3) Quick wins

4) Cookie/Privacy policy - clear and visible

10) ICO Half Term Report Dec 2011

1) Ideas – cookie management tools/banners/buttons

2) ICO can’t endorse specific products/services

3) Might not take you all the way to full compliance

4) Collaboration at industry and sector level

10) ICO Half Term Report Dec 2011

Possible enforcement action

1) Is my website doing anything that my users don’t know about?

2) Am I confident that I am giving them appropriate options?

- Not using cookies

- Registered Users – what about others?

- Consumer education

11) Future developments

1) Remember compliance is an ongoing issue – cookies will be added and removed from your organisation’s website

2) May 2012 is fast approaching,

European Issues

• European Data Protection Directive Review

• Cloud computing

• Council of Europe Data Protection Convention Review

Thank you and Questions

James Milligan

DMA Solicitor

The Direct Marketing Association (UK) Ltd

Tel: 020 7291 3347

Email: james.milligan@dma.org.uk

DMA Legal Advice

Tel: 020 7291 3360

Email: legaladvice@dma.org.uk
