//
you're reading...
Security

Cookies and the law

Time to get permission to set them there cookies or face the consequences.
ICO gives advice on how UK websites should handle the requirements of new EU legislation.
Deadline: 26/May/2011— tick tock tick tock

The main point here is that you must explicitly (a word emphasised repeatedly in the advice) gain consent before leaving all but the most essential cookies.
It is advised that essential will be considered by the ICO in the narrowest possible terms. Those cookies absolutely required to allow the communication to exist at all, for example.

Webmasters and legal teams need to think about how they plan to gain this consent. My preference is to update the T&C on the site, but be advised, you must explicitly inform the user that they have changed.

Perhaps someone out here can give some options for the best approaches available?

For reference this is “Privacy and Electronic Communications Regulation”. You still need to consider Data Protection separately.

References:
ICO advice
ICO press release
PERC on ICO
All About Cookies

– Posted using BlogPress

About harlekwinblog

"Thoughts of an idle mind." Information Security professional.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Categories

RSS This Blog…

  • An error has occurred; the feed is probably down. Try again later.

Share me…

Bookmark and Share

Twitter Updates

May 2011
S M T W T F S
« Apr   Jun »
1234567
891011121314
15161718192021
22232425262728
293031  
%d bloggers like this: