6 June 2012 at 10:58am
Although its main concern is the more general application of consent to data processing a new Opinion from the Article 29 Working Party also provides the first positive hint I’ve seen from regulators on what they think an acceptable cookie interface might look like. Although this is a helpful development – statements from other regulators have mostly concerned what was not acceptable – their ideas still seem to raise significant technical and legal issues.
6 June 2012 at 10:57am
Although consent is a key concept in Data Protection, discussions of it often seem confused and legal interpretations inconsistent. For example the European Commission has in the past called both for a crackdown on the over-use of consent and for all processing of personal data to be based on consent!
6 June 2012 at 1:45pm
On a privacy course I teach for system and network managers I suggest a scale of "privacy riskiness", the idea there being that if you can achieve an objective using information from lower down the scale then you run less risk of upsetting your users and/or being challenged under privacy law. That scale is very much a rule of thumb, derived by a kind of reverse engineering from various bits of European and UK telecommunications law by assuming that the more conditions a law places on a particular type of information, the more privacy invasive it is.
6 June 2012 at 10:55am
Federated access management can make things nice and simple for both the user and the service they are accessing. By logging in to their home organisation the user can have that organisation release relevant information to the service - "I am a student", "this is my e-mail address" and so on. And because that information comes from the organisation, the service is likely to consider it more reliable than information self-asserted by the individual user (especially if being a student entitles you to benefits such as site licences, reduced prices, etc.).
6 June 2012 at 10:55am
An interesting question on the EU's new cookie law is which cookies am I responsible for. For example when reading this blog you will receive some cookies from the underlying Wordpress platform for purposes such as maintaining your session, remembering your name and e-mail if you leave a comment so you don't have to re-type them next time and so on.
6 June 2012 at 10:51am
Europe and the USA are often seen as having very different approaches to personal data: Europe has an over-arching law covering all personal data, the US has some specific laws on particular uses of personal data. One area that is covered by US legislation is the use by universities and colleges of information about their students; since there is increasing exchange of both students and their data across the Atlantic, it seemed worth spending a bit of my time to compare the two laws.
6 June 2012 at 10:51am
Many of the problems in applying European Data Protection Law on-line arise from uncertainty over whether the law covers labels that allow an individual to be recognised (i.e. "same person as last time") but not - unless you are the issuer of the label - identified (i.e. "Andrew again").
6 June 2012 at 10:50am
The law graduate in me having gone to lie down with a headache from trying to understand the implications of the new UK cookie law, the maths graduate is having a look at it. So the following bears no relation to legal thinking; since it's ten years since I ran a web server it may also bear little relation to what's actually feasible! So please don't quote me in discussions of those aspects.
6 June 2012 at 10:50am
With a new law on obtaining consent for cookies coming into force today, the Information Commissioner has published details of how the ICO's own site has been updated to comply. There appear to be three main changes:
6 June 2012 at 10:49am
The Privacy and Electronic Communications (EC Directive)(Amendment) Regulations 2011 have now been published, amending the previous Privacy and Electronic Communications (EC Directive) Regulations 2003 as required by the new EC Telecommunications Directives.
Subscribe to Privacy