Presentation is loading. Please wait.

Presentation is loading. Please wait.

Andrew Cormack Janet Who Burnt the Cookies?. One portion... Mix with... Bake into... Resulting in... Recipe for Trouble Good intentions – They’re breaching.

Published byMarcus Kelly Modified over 7 years ago

Similar presentations

Presentation on theme: "Andrew Cormack Janet Who Burnt the Cookies?. One portion... Mix with... Bake into... Resulting in... Recipe for Trouble Good intentions – They’re breaching."— Presentation transcript:

1 Andrew Cormack Janet Who Burnt the Cookies?

2 One portion... Mix with... Bake into... Resulting in... Recipe for Trouble Good intentions – They’re breaching your privacy... Technological innocence – Using cookies... Legislation – Regulating cookies...

3 An Unpleasant Taste EU Directive amended in 2009 – One small change makes a big difference: “is given the opportunity to refuse the storage of or access to that information” (2003) replaced by “has given his or her consent” (2011) Member States’ Laws due in May 2011 – UK enforcement begins next week Headline story: “All Cookies Need Prior Consent” – But law actually has a number of different flavours...

4

5 How many flavours? Directive says two: – Those “strictly necessary for the provision of an information society service requested by the subscriber or user” – The rest: “must provide information and get prior consent” UK Information Commissioner lists five or more: – Strictly necessary, settings-led, feature-led, functional and analytical, third party,... – Maybe these overlap? But then again...

6 How many ways to (tr)eat them? Three? – Itemise (list and describe) All of them (since 2003!) – except maybe non-personal, essential ones Clear Information Commissioner guidance/examples – Identify (on web pages/functions/etc. that need them) Those that do something the user asked for E.g. Remember language/preference, watch video, personalise Clear Information Commissioner guidance/examples – Interact (through some sort of consent dialogue) Those that do something else E.g. advertising, analytics Not clear 

7 Feeding frenzy? Guidance now appearing thick and fast – And inconsistent  E.g. International Chambers of Commerce – Agrees with ‘necessary’ and ‘functional’ – Analytics count as ‘performance’ (with load-balancers!) – Only cookies displaying adverts (not trackers) need consent E.g. UK Government Data Service – Look at privacy intrusion only – Analytics don’t harm privacy at all

8 Other countries? Seems to be less guidance What I can read mostly matches UK – With interesting variations on “necessary” Unless you know otherwise?

9 Samples now available But – Are these compliant? – Are they user-friendly? – Do they offer the choices you want?

10 UK Information Commissioner

11 British Telecom

12 Janet

13

14 Crumbs of comfort From the Information Commissioner guidance... – “1 st party analytic...might not appear as intrusive as...” (p20) – “simply allow you to improve your website” (p12) – “unlikely to prioritise...in any regulatory action” (p25) – “[ICO] may consider other options ourselves” (p27) Maybe do others first and let these firm up a bit? Behavioural advertising still looks indigestible  – But NRENs and their customers may rely less on these?

15 Leftovers Targeted advertising cookies – Regulators really do seem to want prior consent – ICC agree, but have no idea how to get it – NB when ICO sought cookie consent, only 10% gave it Platform & plugin cookies – “Above” and “Below” your content – Who is responsible for their compliance? And other things stored in the client – Web bugs, flash cookies, etc.

16 Menu (short-term) Work out what cookies you have Document them all Highlight the functional ones Decide on an approach to analytics – Consent-based? – Opt-out? – Privacy-based? Watch out for changes in technology and guidance

17 Menu (long-term) Get better at spotting these bugs when they turn up – Suggest better ways to solve the (real) problem Support our legislators – MEPs have scarily little help – Either in drafting or assess impact of what they do Look at the headlines and the text – They might not be the same – E.g. “right to be forgotten” 

18 I think we were lucky this time...

19 THANK YOU Janet, Lumen House Library Avenue, Harwell Oxford Didcot, Oxfordshire t: +44 (0) 1235 822200 f: +44 (0) 1235 822399 e: service@ja.net

Download ppt "Andrew Cormack Janet Who Burnt the Cookies?. One portion... Mix with... Bake into... Resulting in... Recipe for Trouble Good intentions – They’re breaching."

Similar presentations

Ncfe Academy Advert Project By the Rising Stars Academy.

Ncfe Academy Advert Project By the Rising Stars Academy.
Big Data and data protection

Big Data and data protection
New Canadian Anti-Spam Legislation Robert Lipson – April 8, 2014.

New Canadian Anti-Spam Legislation Robert Lipson – April 8, 2014.
Lecture to Carleton University, Center for European Studies, December 1, 2010.

Lecture to Carleton University, Center for European Studies, December 1, 2010.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Internet Research Finding Free and Fee-based Obituaries Online.

Internet Research Finding Free and Fee-based Obituaries Online.
Presented by Bishop & McKenzie LLP May 30, 2014. Vancouver Sun, “Anti-Spam Legislation Has Businesses Scrambling to Comply”, May 26, 2014.

Presented by Bishop & McKenzie LLP May 30, Vancouver Sun, “Anti-Spam Legislation Has Businesses Scrambling to Comply”, May 26, 2014.
DIABETES UK TRACKER SMARTPHONE APP 28 March #duktracker This app is so focused and simple, yet it's ingenious. I loved the way they tested.

DIABETES UK TRACKER SMARTPHONE APP 28 March #duktracker "This app is so focused and simple, yet it's ingenious. I loved the way they tested.
Using the Internet to Conduct Research What Investigators and IRB Members Should Know -- January 29, 2009 -- Lisa Shickle, MS Analyst, VCU Massey Cancer.

Using the Internet to Conduct Research What Investigators and IRB Members Should Know -- January 29, Lisa Shickle, MS Analyst, VCU Massey Cancer.
Cookie compliance: your 5 day emergency action plan Claire Walker.

Cookie compliance: your 5 day emergency action plan Claire Walker.
Prior Written Notice (PWN) Training Rock Hill Schools Exceptional Student Education 2009.

Prior Written Notice (PWN) Training Rock Hill Schools Exceptional Student Education 2009.
E-Privacy and Cookies: Legal Aspects. E-Privacy Directive 2002/58, amended by 136/2009 Main amendments focus on DBN (security) and confidentiality of.

E-Privacy and Cookies: Legal Aspects. E-Privacy Directive 2002/58, amended by 136/2009 Main amendments focus on DBN (security) and confidentiality of.
EPrivacy & Consenting Cookies Rakuten LinkShare Symposium 2012 Liz Robertson Jones Day 17 April 2012.

EPrivacy & Consenting Cookies Rakuten LinkShare Symposium 2012 Liz Robertson Jones Day 17 April 2012.
TERENA Networking Conference 2005©The JNT Association, 2005 Network Performance Measurement: Privacy and Legal Issues Andrew Cormack, UKERNA

TERENA Networking Conference 2005©The JNT Association, 2005 Network Performance Measurement: Privacy and Legal Issues Andrew Cormack, UKERNA
Osborneclarke.de OBA Breakfast Seminar 22 January 2013 Stephen Groom OC London Action points for UK advertisers.

Osborneclarke.de OBA Breakfast Seminar 22 January 2013 Stephen Groom OC London Action points for UK advertisers.
6 Steps for Resolving Conflicts STEP 1. Begin the Process Calmly approach the person you are having the conflict with, and explain to them that you have.

6 Steps for Resolving Conflicts STEP 1. Begin the Process Calmly approach the person you are having the conflict with, and explain to them that you have.
Marketing / Law / Digital Keith Arrowsmith. Court ActionPress Complaints CommissionTrading StandardsGambling Commission.

Marketing / Law / Digital Keith Arrowsmith. Court ActionPress Complaints CommissionTrading StandardsGambling Commission.
Doc.: IEEE 802.11-05/1096r2 Submission January 2006 Mike Moreton, STMicroelectronicsSlide 1 Emergency Call Support Notice: This document has been prepared.

Doc.: IEEE /1096r2 Submission January 2006 Mike Moreton, STMicroelectronicsSlide 1 Emergency Call Support Notice: This document has been prepared.
Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.

Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.
This was written with the assumption that workbooks would be added. Even if these are not introduced until later, the same basic ideas apply Hopefully.

This was written with the assumption that workbooks would be added. Even if these are not introduced until later, the same basic ideas apply Hopefully.

Similar presentations

Ads by Google