Bootlaw Cookies

The New Cookie Law

June 2011

#Bootlaw

Nice cookies

Platine Chocolate Chip Cookies by Muy Yum 2009

HMP1 1 hotmail.msn.com/ 0 1715191808

32107852 1236821008 29449527 *

Nasty cookies?

Ye old cookie law

Privacy and Electronic Communications (EC Directive) Regulations 2003

•Regulation 6• Clear and comprehensive information• Opportunity to refuse• Sufficient that requirements are met in respect of the

initial use• Exceptions

Directive 2009/136/ECSubscriber or user must be asked to give their informed consent to receive cookies

Unless

The cookie is strictly necessary to receive the service which has been explicitly requested by the subscriber or user

Recital 66

"(66) Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user's consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities."

Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user's consent to processing may be expressed by using the appropriate settings of a browser or other application.

Article 29 Working Party

• Opt in is required• Specific and fully informed consent• Limit in time scope of consent• Offer the ability to revoke consent• Create visible tools to show monitoring • Browser settings are not sufficient

HM Government on Cookie law

Photo: Jontintinjordan on Flickr http://www.flickr.com/photos/jontintinjordan/4065621328/

• “Not gold plated”

• Working on browser settings

• ICO to delay enforcement

New cookie law

The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011

Regulation 6:•Clear and comprehensive information• Given his or her consent• Sufficient that requirements are met in respect of the

initial use• Consent may be signified by:

– a subscriber who amends or sets controls on the internet browser...or

– by using another application or programme to signify consent

• Exceptions

“At present, most browser settings are not sophisticated enough to allow you to assume that the user has given their consent to allow your website to set a cookie….So, for now we are advising organisations which use cookies or other means of storing information on a user’s equipment that they have to gain consent some other way”. ICO Guidance: Changes to the rules on using cookies and similar technologies for storing information 10 May 2011 www.ico.gov.uk

“You are best placed to work out how to get information to your users, what they will understand and how they would like to show that they consent to what you intend to do” ICO Guidance: Changes to the rules on using cookies and similar technologies for storing information 10 May 2011 www.ico.gov.uk

What should you do?

• Consent• Browser settings • Information • “i” logo • Non-cookie site• Hybrid• Costs • Risks• Cookie Collective – coming up next....

The Cookie Collective

Introduction

We are a partnership of web agencies concerned about the implications of the new Cookie Law.


Public awareness of the law was almost zero

A lot of technology companies were not aware of it

Nobody knew what the potential impact would be


We built a browser plug-in to capture information about cookies.

Available for Chrome and Firefox at www.cookielaw.org


http://www.cookielaw.org/

Since April 2011 we have collected over

130 million cookie records for 25,000+ domains


The average browser session involves2 Cookie Transactions per second


BBC.CO.UK has over2,000 unique cookies


You can search for a particular domain at:

www.cookielaw.org/cookie-search.aspx


http://www.cookielaw.org/cookie-search.aspx

Working with the DCMS and the ICO to share our insights gained from this data to influence the application of the cookie law.

Building solutions for website owners to gain legal compliance.


The Cookie Law Toolkit

Introduction

The Cookie Law Toolkit is a web service for obtaining consent from visitors for the use of cookies.

The Cookie Law Toolkit

Webmasters insert a simple script into their site pages.

The script connects to the Cookie Collective’s database.

It presents visitors with information and functionality required for websites to gain informed consent to place and retrieve cookies.

About the CLT

The Toolkit can also prevent some cookies (GA, most 3rd party cookies) from being loaded until consent is given.

Server side cookies will require different methods

About the CLT

Example Consent Notice

Example Consent Notice

You can see the prototype in action at:http://cc.qa.governor.co.uk/

About the CLT

http://cc.qa.governor.co.uk/

What Next?


Roll out the service for Website owners to create their own

compliance tool


Create tools to manage consent for cookies across domains


Work with Government and ICO to ensure that our solutions give

webmasters tools not just to comply but help increase visitor engagement


Questions?

Entertainment & Humor

Bootlaw Cookies