So, it’s the 25 May 2012 and after a year of reading, amending policies and procedures, committee meetings, peer review, discussions on forums, emails and blogs I reckon that most people still don’t really know what they should be doing about the new EU Cookie Law (e-Privacy Directive) which comes into force tomorrow. AWESOME.
We’ve taken advice from e-Consultancy (of which we are Silver members), BoagWorld, Brian Kelly (of course!), JISC Legal, Precedent, and colleagues around the sector who have been kind enough to share their thoughts either over email or on blog posts, such as Edge Hill.
Wired magazine tells us to just get on and do it (whatever it is!) and cites BT as a good example (via Tim Leighton-Boyce). But they seem to be advocating ‘not opting out’ as consent, whereas surely the law dictates that users must opt-in??? Gaaaah.
The BBC have gotten involved and yesterday launched their changes in response to the cookie law which sees their sites having cookies enabled by default with users having to opt-out (another one!?). They also have ‘strictly necessary‘ cookies which also seems to be against the spirit of the law. This was accompanied by an article today referencing Don Draper and his whiskey swigging breakfast habit.
Another article from the BBC quotes Dave Evans from the ICO as saying “We never said was that if you’re not compliant by 27 May we will come and get you. What we want is good compliance, not rushed compliance. If it’s focused people’s minds, that’s a good thing.”
Our Information, Infrastructure, Access and Security Committee (snappy, eh!) have this in their brief and they seem confident that this is enough. However, I am having a bit of a wobble with the whole ‘opt in’ thing.
STOP PRESS: Just found another article on the ICO website which talks about ‘implied consent’. To quote:
- Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.
- If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent.
Back to the drawing board. . . .
Oh – and here’s a nice infographic from e-Consultancy.