EU e-Privacy Law

posted on 17th May 2012 by Andy L

The 'deadline' for the EU Cookie Law will be on the 26th May 2012, after being deferred one year.  We've had a couple of questions from our clients on what it means to be compliant, and whether they need to take any action to do so.  I hope to satisfy your enquiry with the information below:

criticisms

The main issue with the law, according to many of its critics, is the fact that websites will become liable for something that is essentially controlled by the end user.  Historically an end-user has been able to set their cookie preferences in their browser - the problem with this is that cookies have many uses but all look the same.  It wasn't long ago that you could log on to msn.co.uk and end up with several cookies all tracking your behaviour on websites that had no relationship to msn.  

The aim of the EU directive is to stop such behaviours.  If someone logs onto scorecomms.com - I should not be using it as an opportunity to add a tracking device so that next time they visit scorecomms.com I can track which other sites they've been on.  This sort of use is technically possible, but far beyond what an average consumer would expect to allow.

Re-education

This new cookie law is an attempt by the EU to educate end-users as to what their cookies are actually being used for and to prevent sites from using and abusing cookies for their own anti-competitive and illicit gains.  Instead of it being something controlled via a browser, all sites will have to enable the user to 'opt-in' to using cookies.

This will prevent the user from clicking the 'do not show this message again' checkbox on their pop-up - something probably done when the browser was first opened on the new PC and never thought about again.

What are score doing to comply? 

At the moment there are a few methods available to acheive compliance.  The complication is that many of these solutions adversely affect the end users' experience of the site by either displaying an ugly pop-up or having unforeseen consequences if cookies are disabled.  This doesn't just impact on our codebase, but on plugins and extensions we integrate from other providers.  We are actively looking at how the handling evolves over the next few months and will implement our solutions accordingly.

From the Information Commissioner's Office

In a recent interview on econsutlancy.com, Dave Evans was asked the following question:

Q: Will you come up with a definitive answer on what compliance is?

A: We don’t know what compliance will look like in a year’s time. There are lots of gaps here, and we want people to fill them with good practice. We can then point to examples of this and everyone will have a greater understanding of what is required. We hope that this will pick up over the next month or so.

Conclusion

Score will be working with all our clients to make sure that they stay compliant.  We can perform a cookie audit to check current compliance levels, and provide a quote for fast-tracking compliance where necessary.