Tuesday, April 3, 2012

EU Privacy Directive - Fact vs Fiction

There's been a lot of discussion in the last few months on the new EU Privacy legislation, so I thought I'd write up my current understanding of the situation.

The UK government has given websites until May 26th 2012 to comply with the EU Privacy Directive. As of 26th May 2011 it has already become law across a number of countries in the EU.

The Information Commissioner's Office (ICO) has the power to fine website owners up to £500,000 for serious breaches of the law. But he has stated he will take a ‘practical and proportionate’ approach to enforcement of this legislation where organisations are making efforts to comply.

The Directive requires consent for storage or access to information stored on a subscriber's or user's terminal equipment. In other words… obtaining consent for cookies and similar technologies. For example, this could include: Local Shared Objects (commonly referred to as “Flash Cookies”), web beacons or bugs (including transparent or clear gifs).

The only valid exception is cookies which are ‘strictly necessary’ for a service requested by the user. However, the ICO has stated that website analytics are not strictly necessary. They are also aware that obtaining consent from users may affect website owners’ ability to track users. In fact, when an opt-in message was placed on the ICO's own site, they saw visits (from opt-in users only) drop considerably. However, this will not stop them responding to complaints from visitors or carrying out their own investigations.

So what can you do?

(I hope to cover that in a subsequent post)
