HomeFAQSearchRegisterLog in

Share | 
 

 New law on cookies, data breaches and ICO powers comes into force today

View previous topic View next topic Go down 
AuthorMessage
Spellarella
Lifer
Lifer
avatar

Posts : 3905
Join date : 2009-08-16
Location : Peeking out of a drain.

PostSubject: New law on cookies, data breaches and ICO powers comes into force today   Fri May 27, 2011 5:39 am


New laws governing cookies, personal data breaches and the powers of the UK's privacy watchdog come into force today. The Privacy and Electronic Communications (Amendment) Regulations implement changes in EU law.


The new law requires website operators to make sure they have "informed consent" for the use of cookies. Business groups and privacy watchdogs are divided, though, on exactly what this means.

The new Regulations implement changes made in 2009 to the European Union's ePrivacy Directive .

The changes aim to give users more choice and control over what information businesses and other organisations store on their computers and how they track users.

Businesses have said that they are confused about exactly what they need to do in order to comply with the new laws. UK privacy watchdog the Information Commissioner's Office (ICO) recently published guidance on how websites can comply with the new cookie laws and the informed consent requirements.

That guidance, though, is not definitive and leaves it up to organisations to decide how best to obtain the necessary consent.

The ICO said this week that organisations would have a year in which to change their use of cookies to comply with the law before it began taking enforcement action.

The Government has said that it is working with browser makers to come up with a way to gather consent via browser settings, but said that this will not be ready for this week's implementation of the laws.

"The delay in the publication of guidance, the lack of clarity and Government's admission that a technical browser-based solution will not be ready by the implementation date has left businesses and organisations in a state of uncertainty," said Clarie McCracken, a technology law specialist at Pinsent Masons, the law firm behind OUT-LAW.COM. "There is no definitive guidance on how to achieve compliance, leaving businesses and organisations without a firm course of action to ensure that they don't fall foul of the new cookie laws."

The ICO said that businesses must be able to show that they are addressing their use of cookies and are putting into place a plan to comply with the new law as soon as it comes into effect.

"The government's view is that there should be a phased approach to the implementation of these changes. In light of this, if the ICO were to receive a complaint about a website, we would expect an organisation's response to set out how they have considered the points above and that they have a realistic plan to achieve compliance", the ICO guidance said.

The Regulations also introduce a new requirement that certain kinds of companies tell customers when their personal data has been exposed through hack attacks or loss.

According to the Regulations a "personal data breach" is "a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service" the Regulations said.

When this happens the company must tell the ICO, outlining what happened, what the consequences are likely to be and waht action the cmopany has taken.

Companies must also tell users about the breach if it is likely to affect their data.
Back to top Go down
Spellarella
Lifer
Lifer
avatar

Posts : 3905
Join date : 2009-08-16
Location : Peeking out of a drain.

PostSubject: Re: New law on cookies, data breaches and ICO powers comes into force today   Fri May 27, 2011 5:41 am

ICO gives site operators a year to comply with new cookie law


Website operators have a year to change the way they use cookies to comply with new laws, the Information Commissioner's Office (ICO) has said. Those that make no effort to change could still face sanctions, though, the ICO said.



From tomorrow, UK laws based on the EU's Privacy and Electronic Communications Directive will force websites to obtain users' consent in order to store cookies. Cookies are small text files that record user activity on websites.

The ICO, the UK's data protection regulator, has given most operators of consumer websites a year's grace before serious enforcement of the new laws will begin.

"Although there isn’t a formal transitional period in the Regulations, the government has said they don’t expect the ICO to enforce this new rule straight away," Christopher Graham, the Information Commissioner, said in a statement.

"So we’re giving businesses and organisations up to one year to get their house in order. This does not let everyone off the hook. Those who choose to do nothing will have their lack of action taken into account when we begin formal enforcement of the rules," Graham said.

The ICO said it was allowing the exemption period because there was no adequate technical solution within browser settings to obtain user consent to cookies. The Government has said it is working with browser manufacturers to establish a new system for gaining user consent through their settings.

"Browser settings giving individuals more control over cookies will be an important contributor to a solution," said Graham.

The ICO said it would respond to complaints about cookies during the exemption period by advising website owners how to comply with the new Privacy and Electronic Communications Regulations, an ICO guide on how it will enforce the regulations said.

"[The Information Commissioner] will provide advice to the organisation concerned on the requirements of the law and how they might comply, said

"Where he considers it appropriate, and particularly as May 2012 approaches, he will also ask organisations to explain to him the steps they are taking to ensure that they will in fact be in a position to comply by May 2012," the guide said.

The ICO recently published guidance on how organisations can comply with the new regulations. It suggested a variety of options websites could use to gain user consent, including prompting users with pop-up questions about their consent to cookies or writing cookie consent into terms and conditions users have to agree to when registering with a site.

Website features, such as videos, that remember how users personalise their interaction, could also determine user consent, the ICO said.

The Information Commissioner said the ICO website now operates a header giving users the choice how to manage their cookies but said that it may not be an appropriate solution for other websites.

"We’ve decided to place a header bar on our website giving users information about the cookies we use and choices about how to manage them," Christopher Graham said in the ICO press release.

"I am not saying that other websites should necessarily do the same. Every website is different and prescriptive and universal ‘to do’ lists would only hinder rather than help businesses to find a solution that works best for them and their customers," Graham said.

Under the new UK regulations the ICO has been given extra powers to impose penalties of up to £500,000 on websites that breach the new regulations, the ICO enforcement guide says.

The ICO can also investigate the measures taken by website providers to safeguard the security of public electronic communications, investigate and fine websites depending on how they deal with personal data breaches and can demand information about users to investigate how a website complies with the new regulations, the ICO enforcement guide says.

"Along with the power to impose financial penalties on telecoms and internet companies who fail to notify us about their data breaches, we will also have stronger powers to investigate the businesses behind nuisance marketing calls and spam texts," Christopher Graham, Information Commissioner, said in the ICO press release.

"Tackling the businesses that make money from this is a challenge, but these new powers will give us access to more of the information we need to do the job," Graham said
Back to top Go down
Spellarella
Lifer
Lifer
avatar

Posts : 3905
Join date : 2009-08-16
Location : Peeking out of a drain.

PostSubject: Re: New law on cookies, data breaches and ICO powers comes into force today   Fri May 27, 2011 5:42 am

Cookie consent can come after tracking has taken place, says minister


Companies could obtain users' consent for tracking their behaviour with cookies after the fact, a Government minister has said. Culture minister Ed Vaizey said that new rules do not specify that 'prior' consent is necessary.

Vaizey said in an open letter to website owners that new laws due to come into force tomorrow should not force them to gain users' consent before they make use of cookies.

"It is possible that consent may be given after or during processing," Vaizey said in the letter.

From tomorrow, UK laws based on the EU's Privacy and Electronic Communications Directive will force websites to obtain users' consent in order to store cookies. Cookies are small text files that record user activity on websites.

Vaizey said that there was no requirement for prior permission stipulated in the EU Directive and that therefore it had not been an included requirement within the new Privacy and Electronic Communications Regulations in the UK, which come into force tomorrow.

Vaizey, who is Minister for Culture, Communications and Creative Industries, said that though this was an unusual interpretation of the EU law, it was a legitimate one.

"It is important that stakeholders are aware that in its natural usage ‘consent’ rarely refers to a permission given after the action for which consent is being sought has been taken. This absolutely does not preclude a regulatory approach that recognises that in certain circumstances it is impracticable to obtain consent prior to processing," Vaizey said.

"It also supports any approach underpinned by industry’s attempts to inform users about the specific choices available and as a result allow users to make choices (ie give consent) based on that information," Vaizey said.

Vaizey said it was the "firm view" of the Government that the new regulations "enable" the new online behavioural advertising framework established by the Internet Advertising Bureau (IAB) Europe. The framework is a self-regulatory system for websites that will require websites to place an icon on adverts on their site that track user activity through cookies.

Data Protection regulator the ICO today published guidance which said that it would give website operators a year in which to implement the law before it took enforcement action
Back to top Go down
Sponsored content




PostSubject: Re: New law on cookies, data breaches and ICO powers comes into force today   

Back to top Go down
 
New law on cookies, data breaches and ICO powers comes into force today
View previous topic View next topic Back to top 
Page 1 of 1
 Similar topics
-
» Save Data JP
» Can I Export My Forum Data?
» Data East Boot Up Problem
» Chat Cookies
» Installing Windows 10? TURN OFF DATA SHARING!!!!!

Permissions in this forum:You cannot reply to topics in this forum
 :: General Chat :: News and Current affairs-
Jump to: