2. Programme
∗ Introductions
∗ What the law says
∗ Will the law be enforced?
∗ What we need to do
∗ Assess the problem
∗ Provide information
∗ Ask for consent?
3. This presentation is intended to help you
understand aspects of the Privacy & Electronic
Communications (EC Directive) (Amendment)
Regulations 2011 and related legislation.
It is not intended to provide detailed advice on
specific points, and is not necessarily a full
statement of the law.
4. Where we are so far
∗ Privacy and Electronic Communications (EC
Directive) (Amendment) Regulations 2011 came
into force on 26th May 2011
∗ Information Commissioner announced a year’s
grace before enforcement action would be taken
∗ Information Commissioner issued guidance in
December 2011
5. What the Regulations say
∗ You must not store information (e.g. through a
cookie) on someone else’s computer unless:
∗ they have clear information about the purpose; and
∗ they have given consent
∗ You only have to ask them the first time
∗ They can consent through browser settings (but …)
∗ You don’t need consent for cookies that are ‘strictly
necessary’ for the functioning of a website
6. What the Information
Commissioner says
∗ He wants ‘good solutions rather than rushed ones’.
∗ No ‘wave of knee-jerk formal enforcement action’
as long as people are making the effort to comply.
∗ There are ‘pockets of good practice’ and while he
‘cannot endorse specific products or services’,
there are ‘people going about this the right way’.
∗ Analytics cookies are covered, but not a priority.
7. What do we need to do?
∗ Document what cookies we have
∗ Assess how intrusive they are
∗ Decide whether we really need them all
∗ Provide appropriate information
∗ In the privacy statement
∗ At appropriate points on the website
∗ Decide what we need consent for and how to get it
∗ Work out how people can withdraw consent
8. Thank you
∗ Slides and links to other material will be circulated
by e-mail shortly
∗ Follow-up questions welcome:
paul@paulticher.com
∗ More webinars on topics related to Data Protection:
www.paulticher.com/webinars/