C Day – T minus 1

So, it’s the 25 May 2012 and after a year of reading, amending policies and procedures, committee meetings, peer review, discussions on forums, emails and blogs I reckon that most people still don’t really know what they should be doing about the new EU Cookie Law (e-Privacy Directive) which comes into force tomorrow.  AWESOME.

We thought we had it nailed with a revision of our Privacy Policy (which will be properly live later today) and we weren’t planning on putting any pop-ups on, rather explaining what cookies we use and why (mainly Google Analytics and a few third party cookies such as Add-This and YouTube)

We’ve taken advice from e-Consultancy (of which we are Silver members), BoagWorld, Brian Kelly (of course!), JISC Legal, Precedent, and colleagues around the sector who have been kind enough to share their thoughts either over email or on blog posts, such as Edge Hill.

Wired magazine tells us to just get on and do it (whatever it is!) and cites BT as a good example (via Tim Leighton-Boyce).  But they seem to be advocating ‘not opting out’ as consent, whereas surely the law dictates that users must opt-in???  Gaaaah.

The BBC have gotten involved and yesterday launched their changes in response to the cookie law which sees their sites having cookies enabled by default with users having to opt-out (another one!?).  They also have ‘strictly necessary‘ cookies which also seems to be against the spirit of the law.  This was accompanied by an article today referencing Don Draper and his whiskey swigging breakfast habit.

Another article from the BBC quotes Dave Evans from the ICO as saying “We never said was that if you’re not compliant by 27 May we will come and get you. What we want is good compliance, not rushed compliance. If it’s focused people’s minds, that’s a good thing.”

So, could it be that with our revised Privacy and Cookie Policy (new name!), informing users how to alter their cookie settings in browser,  and a commitment to keeping an eye on the ball around the legislation we have done enough?

Anyone?  Someone?

Our Information, Infrastructure, Access and Security Committee (snappy, eh!) have this in their brief and they seem confident that this is enough.  However, I am having a bit of a wobble with the whole ‘opt in’ thing.

So, plan for today is to get the Privacy and Cookie Policy webified, live and linked to across our ‘corporate website’ and hope that the Cookie Law police don’t catch up with me over the weekend mid-BBQ.

Thanks to http://www.flickr.com/photos/bochalla/ and http://www.flickr.com/photos/darrentunnicliff/ for the pics!

STOP PRESS: Just found another article on the ICO website which talks about ‘implied consent’.  To quote:

  • Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.
  • If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set.  Without this understanding you do not have their informed consent.

Back to the drawing board. . . .

Oh – and here’s a nice infographic from e-Consultancy.