Cookies, like it or hate it the change has arrived!

The new regulations on how cookies are allowed to be used have arrived amidst a blizzard of criticism from the people who have to implement the changes. What are they? Simple: instead of a cookie being applied directly to a ‘customer’, the customer now has to opt in to allow the cookie to be applied.

This came about due to the Article 29 Working Party (A29WP) having a deeper look into the murk that is consent and deciding that consent needs to be more informed as the current methods are not transparent enough. Yes, we all know the T&Cs about the application of cookies are buried somewhere towards the end of a website’s ‘compulsory read’ but how many people actually read them? Probably about 1% of all users, if it is any more then I would be very surprised as it could take you all day to read just a few (Apple’s runs to 30 pages when printed!!) so virtually everyone just ticks the box and moves on. So is this consent fair in the meaning of the Directive and the Act? Basically the answer is no, there is no meeting of the 1st Principle as the information has not been collected fairly as the customer does not know what you are doing with their data….

So, when the A29WP looked into this, they discovered that virtually all cookies are not meeting the requirements of fair processing and decided to do something about it. I must admit that the idea they came up with is rather radical and very work intensive for the website builders but is that a consideration? Should we be more focussed on what the customer wants and understands or should we be harvesting information willy-nilly? The A29WP also pointed out that unambiguous consent would need to be clarified and blanket consent will not be allowed.

Eduardo Ustaran, a Partner at Field Fisher Waterhouse and an expert in the implementation of the A29WP Data Protection directives, said of this: “In some respects, like the fact that consent is linked to ‘control’ and can be concluded from behaviour, I agree with the black and white approach of the WP29. However, wherever there is room for interpretation, the WP29 has gone for the most conservative approach and that is not realistic. In the context of the e-Privacy Directive and the consent requirement for cookies, the WP29’s expectations of unambiguity are such that they do not allow for any reasonable proportionality in the standards of consent. Another example of this is the absolute demand for ‘prior’ consent for the use of cookies, which even departs from the UK Government’s interpretation of the law.”

Looking at all this as a customer I must say that I would want to know what you are doing with my information when I log on to a website but, like everyone else, I do not have the time, or inclination, to trawl through your endless T&Cs to find out what your cookie policy is. Yes, I do go through and clean out unwanted cookies from my hard drive but half the time I do not know what they are doing so I welcome the idea that I can choose whether to allow a cookie or not.

From the other side of the fence it is an extreme irritation and cost to have to set this up as it means I am not going to get anywhere near enough information about my customers nor am I going to be able to track what they do. This means my customer base is going to recede and I will have to spend more time and expense building it up, I may even have to change the way I offer things but that is all part and parcel of this new Directive from the A29WP.

This all came in on May 26th this year but the Information Commissioner has said he does not expect every company to be fully compliant straight away but to develop their systems as quickly as possible. He has produced a guidance note on this, the ICO Cookie Guidance, which takes you through the requirements and offers some advice on how to implement the new regulations. The only problem is nobody has given any real thought to how it can be done without damaging the user experience or the website reporting.

What it also means is that I will need to have a Privacy Policy that details what the cookies are and how they will be used, who I will be sharing them with and what the customer needs to do to manage them. Hmm, this sounds kind of familiar under my fair processing notice….. This will also have to be updated to show the type and purpose of each cookie I am setting as well as what information it is recording and using and who else has access to it.

Now forgive me for feeling slightly cynical here but isn’t this what we should have been doing all along? Yes!! Until now we have all been using cookies as surreptitious undercover agents and now we have all been caught out we have to put our hands up and start doing it properly. So come on everyone, the only reason this new directive is not liked is due to the fact we have been rumbled and now have to do things properly, oh well, maybe big brother is watching us watching them.

Oh, and please note, I have no cookies set that will track who you are reading this blog.

About KPG Professional Services

Kevin has been working in the Data Protection field for over 20 years with The Post Office, Royal Mail Marketing, The Royal Bank of Scotland and Glasgow Housing Association Ltd. He is also trained in the Freedom of Information (Scotland) Act 2002 and has supplied expertise and support in this discipline for the past 4 years. In his leisure time Kevin is a presenter on Hospital Radio, an SRU rugby referee and referee coach and also the stadium announcer at McDiarmid Park for his team St Johnstone in the Scottish Premier League.
This entry was posted in Cookies, Data Protection, Fair Processing, Information Security.

1 Response to Cookies, like it or hate it the change has arrived!

  1. Informative article. Hope more people will read and offer comments
