
Wednesday, April 4, 2012

EU Privacy Directive - my recommendations


In my earlier post, I covered my understanding of the EU Privacy Directive and what the current situation was with this legislation in the UK.

At the end of that post I raised the question of what you can do. So here are some recommended steps you can take towards compliance:

  • If you have an ecommerce site, immediately update your transaction Terms and Conditions.
  • Carry out an audit of all 1st and 3rd party cookies and other tracking technologies used across the sites. Then assess whether they are still required.
  • Clearly and accurately communicate to visitors about your cookie policy and what tracking is used.
  • Develop a solution that requests consent if it is not already obtained. This consent needs to be obtained before any other actions are carried out on the site. Note: Consent can only be gained by positive action (e.g. the user doing something). The user NOT doing something is not consent.
  • Also check with your SEO company to see if any solution proposed affects your rankings (e.g. is seen as a blocker, cloaking, etc.).
I would also strongly recommend that you speak with your legal representative or in-house counsel to ensure that you know your legal responsibilities when the legislation comes into force on the 26th May 2012.

Tuesday, April 3, 2012

EU Privacy Directive - Fact vs Fiction

There's been a lot of discussion in the last few months on the new EU Privacy legislation, so I thought I'd write up my current understanding of the situation.

The UK government has given websites until May 26th 2012 to comply with the EU Privacy Directive. As of 26th May 2011 it has already become law across a number of countries in the EU.

The Information Commissioner's Office (ICO) has the power to fine website owners up to £500,000 for serious breaches of the law. But he has stated he will take a ‘practical and proportionate’ approach to enforcement of this legislation where organisations are making efforts to comply.

The Directive requires consent for storage of or access to information stored on a subscriber's or user's terminal equipment. In other words… obtaining consent for cookies and similar technologies. For example, this could include Local Shared Objects (commonly referred to as “Flash Cookies”) and web beacons or bugs (including transparent or clear gifs).

The only valid exception is cookies which are ‘strictly necessary’ for a service requested by the user. However, the ICO has stated that website analytics are not strictly necessary. They are also aware that obtaining consent from users may affect website owners’ ability to track users. In fact, when an opt-in message was placed on the ICO's own site, they saw visits (from opt-in users only) drop considerably. However, this will not stop them responding to complaints from visitors or carrying out their own investigations.

So what can you do?

(I hope to cover that in a subsequent post.)