bootlaw cookies
DESCRIPTION
Presentation given at Bootlaw, June 2011, on new UK cookie regulations including slot from the Cookie Collective.
TRANSCRIPT
The New Cookie Law
June 2011
#Bootlaw
Nice cookies
Platine Chocolate Chip Cookies by Muy Yum 2009
HMP1 1 hotmail.msn.com/ 0 1715191808
32107852 1236821008 29449527 *
Nasty cookies?
Ye old cookie law
Privacy and Electronic Communications (EC Directive) Regulations 2003
Regulation 6
• Clear and comprehensive information
• Opportunity to refuse
• Sufficient that requirements are met in respect of the initial use
• Exceptions
Directive 2009/136/EC
Subscriber or user must be asked to give their informed consent to receive cookies
Unless
The cookie is strictly necessary to receive the service which has been explicitly requested by the subscriber or user
Recital 66
"(66) Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user's consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities."
Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user's consent to processing may be expressed by using the appropriate settings of a browser or other application.
Article 29 Working Party
• Opt in is required
• Specific and fully informed consent
• Limit in time scope of consent
• Offer the ability to revoke consent
• Create visible tools to show monitoring
• Browser settings are not sufficient
HM Government on Cookie law
Photo: Jontintinjordan on Flickr http://www.flickr.com/photos/jontintinjordan/4065621328/
• “Not gold plated”
• Working on browser settings
• ICO to delay enforcement
New cookie law
The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011
Regulation 6:
• Clear and comprehensive information
• Given his or her consent
• Sufficient that requirements are met in respect of the initial use
• Consent may be signified by:
– a subscriber who amends or sets controls on the internet browser...or
– by using another application or programme to signify consent
• Exceptions
“At present, most browser settings are not sophisticated enough to allow you to assume that the user has given their consent to allow your website to set a cookie…. So, for now we are advising organisations which use cookies or other means of storing information on a user’s equipment that they have to gain consent some other way”. ICO Guidance: Changes to the rules on using cookies and similar technologies for storing information 10 May 2011 www.ico.gov.uk
“You are best placed to work out how to get information to your users, what they will understand and how they would like to show that they consent to what you intend to do” ICO Guidance: Changes to the rules on using cookies and similar technologies for storing information 10 May 2011 www.ico.gov.uk
What should you do?
• Consent
• Browser settings
• Information
• “i” logo
• Non-cookie site
• Hybrid
• Costs
• Risks
• Cookie Collective – coming up next....
The Cookie Collective
Introduction
We are a partnership of web agencies concerned about the implications of the new Cookie Law.
Public awareness of the law was almost zero
A lot of technology companies were not aware of it
Nobody knew what the potential impact would be
We built a browser plug-in to capture information about cookies.
Available for Chrome and Firefox at www.cookielaw.org
Since April 2011 we have collected over 130 million cookie records for 25,000+ domains
The average browser session involves 2 Cookie Transactions per second
BBC.CO.UK has over 2,000 unique cookies
You can search for a particular domain at:
www.cookielaw.org/cookie-search.aspx
Working with the DCMS and the ICO to share our insights gained from this data to influence the application of the cookie law.
Building solutions for website owners to gain legal compliance.
The Cookie Law Toolkit
Introduction
The Cookie Law Toolkit is a web service for obtaining consent from visitors for the use of cookies.
Webmasters insert a simple script into their site pages.
The script connects to the Cookie Collective’s database.
It presents visitors with information and functionality required for websites to gain informed consent to place and retrieve cookies.
About the CLT
The Toolkit can also prevent some cookies (GA, most 3rd party cookies) from being loaded until consent is given.
Server side cookies will require different methods
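The gating behaviour described above (hold back analytics and third-party tags until consent is given), as an added example that is not the Cookie Law Toolkit's own code. It also gives the consent record an expiry and a revoke path, matching the Article 29 Working Party points listed earlier; all function and parameter names are hypothetical.

```javascript
// Added example; createConsentGate, store and loadTag are hypothetical names.
// In a browser, loadTag would append a <script src> element and store would
// wrap a first-party cookie or localStorage. Cookies set by the server in
// Set-Cookie response headers are outside this gate's reach.
function createConsentGate({ store, loadTag, now = () => Date.now(), ttlMs }) {
  const pending = []; // tags registered but held back

  function hasConsent() {
    let rec;
    try { rec = JSON.parse(store.get('consent') || 'null'); } catch { return false; }
    // Consent is time-limited: a missing, malformed or expired record means "no".
    return !!rec && rec.granted === true &&
      typeof rec.expires === 'number' && rec.expires > now();
  }

  // Hand every held-back tag to the loader, in registration order.
  function flush() { while (pending.length) loadTag(pending.shift()); }

  return {
    hasConsent,
    register(src) { pending.push(src); if (hasConsent()) flush(); },
    grant() {
      store.set('consent', JSON.stringify({ granted: true, expires: now() + ttlMs }));
      flush();
    },
    // Revoking blocks later tags; cookies already set must be cleared separately.
    revoke() { store.remove('consent'); },
    pendingTags: () => [...pending],
  };
}

// Constructed demo: in-memory store, fake clock, placeholder tag URLs.
function demo() {
  const mem = new Map();
  const store = { get: k => mem.get(k), set: (k, v) => mem.set(k, v), remove: k => mem.delete(k) };
  let clock = 1000;
  const fetched = [];
  const gate = createConsentGate({ store, loadTag: s => fetched.push(s), now: () => clock, ttlMs: 500 });
  gate.register('https://analytics.example/ga.js');
  const beforeConsent = fetched.length;
  gate.grant();
  const afterConsent = fetched.length;
  clock += 501; // consent record has now expired
  gate.register('https://ads.example/tag.js');
  return { beforeConsent, afterConsent, afterExpiry: fetched.length, pending: gate.pendingTags() };
}
```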
Example Consent Notice
You can see the prototype in action at: http://cc.qa.governor.co.uk/
What Next?
Roll out the service for Website owners to create their own compliance tool
Create tools to manage consent for cookies across domains
Work with Government and ICO to ensure that our solutions give webmasters tools not just to comply but help increase visitor engagement
Questions?