9. Ye old cookie law Privacy and Electronic Communications (EC Directive) Regulations 2003 Regulation 6 Clear and comprehensive information Opportunity to refuse Sufficient that requirements are met in respect of the initial use Exceptions
10. Directive 2009/136/EC Subscriber or user must be asked to give their informed consent to receive cookies Unless The cookie is strictlynecessary to receive the service which has been explicitly requested by the subscriber or user
11. Recital 66 "(66) Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user's consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities." Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user's consent to processing may be expressed by using the appropriate settings of a browser or other application.
12. Article 29 Working Party Opt in is required Specific and fully informed consent Limit in time scope of consent Offer the ability to revoke consent Create visible tools to show monitoring Browser settings are not sufficient
15. ICO to delay enforcementPhoto: Jontintinjordan on Flickr http://www.flickr.com/photos/jontintinjordan/4065621328/
16. New cookie law The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 Regulation 6: Clear and comprehensive information Given his or her consent Sufficient that requirements are met in respect of the initial use Consent may be signified by: a subscriber who amends or sets controls on the internet browser...or by using another application or programme to signify consent Exceptions
17. “At present, most browser settings are not sophisticated enough to allow you to assume that the user has given their consent to allow your website to set a cookie….So, for now we are advising organisations which use cookies or other means of storing information on a user’s equipment that they have to gain consent some other way”. ICO Guidance: Changes to the rules on using cookies and similar technologies for storing information 10 May 2011 www.ico.gov.uk
18. “You are best placed to work out how to get information to your users, what they will understand and how they would like to show that they consent to what you intend to do” ICO Guidance: Changes to the rules on using cookies and similar technologies for storing information 10 May 2011 www.ico.gov.uk
19. What should you do? Consent Browser settings Information “i” logo Non-cookie site Hybrid Costs Risks Cookie Collective – coming up next....
23. The Cookie Collective We are a partnership of web agencies concerned about the implications of the new Cookie Law.
24. The Cookie Collective Public awareness of the law was almost zero A lot of technology companies were not aware of it Nobody knew what the potential impact would be
25. The Cookie Collective We built a browser plug-in to capture information about cookies. Available for Chrome and Firefox at www.cookielaw.org
26. The Cookie Collective Since April 2011 we have collected over 130 million cookie recordsfor 25,000+ domains
27. The Cookie Collective The average browser session involves 2 Cookie Transactions per second
29. The Cookie Collective You can search for a particular domain at: www.cookielaw.org/cookie-search.aspx
30. The Cookie Collective Working with the DCMS and the ICO to share our insights gained from this data to influence the application of the cookie law. Building solutions for website owners to gain legal compliance.
32. The Cookie Law Toolkit The Cookie Law Toolkit is a web service for obtaining consent from visitors for the use of cookies.
33. About the CLT Webmasters insert a simple script into their site pages. The script connects to the Cookie Collective’s database. It presents visitors with information and functionality required for websites to gain informed consent to place and retrieve cookies.
34. About the CLT The Toolkit can also prevent some cookies (GA, most 3rd party cookies) from being loaded until consent is given. Server side cookies will require different methods
41. The Cookie Collective Work with Government and ICO to ensure that our solutions give webmasters tools not just to comply but help increase visitor engagement