Member nations of the European Union have always maintained a strong stance when it comes to protecting the individual privacy rights of EU citizens. EU privacy legislation was long established before computers and the Internet became necessary aspects of daily life, therefore it was only natural that when such technology became commonplace, the EU had to modify legislation to deal with privacy challenges that result with the collection of personal information from users.
First enacted in 2002 under Article 95 of the European Parliament and Council, the “Privacy and Electronic Communications Directive” legally established the premises for consumer data protection and privacy with regards to computers and the Internet. Specific issues regulated under this directive include confidentiality of information, treatment of traffic data, spam and cookies.
Due to the evolutionary nature of technology and new privacy challenges that emerge as a result of this evolution, the directive has been modified over the years with each new modification requiring compliance by organizations and individuals that use various methods in handling electronic communications with individuals either through their websites or other computer-driven technologies.
The most recent modification to the directive took place in 2011 and affects the way website owners use cookie technology to interact with users in the EU and obtain personally identifiable information. The new directive explicitly demands that website owners:
1.) Inform users about the purpose of the cookies their websites store on user computers.
2.) Request user permission before storing such cookies on computers.
From a legal perspective, it sounds rather beneficial to website users located in Europe but when you consider the number of cookies available per website, especially for some very large websites, the idea of implementing a solution which enables compliance with this directive seems like a very tall mountain to climb.
The basic solution for compliance would be to have pop-ups on the pages of a website which require users to accept or decline cookies before they can use the site. However when you consider the number of pop-ups required for this alone and the time wasted, users might simply opt for websites not affected by the corresponding legislation instead and thus a substantial loss in revenue might result for affected website owners.
Complaints from website owners and businesses liable to be affected emerged after the directive was issued and are still being voiced.
Confusion over a way to effortlessly implement the directive as well as concerns over the speed of compliance led the UK to defer the mandatory compliance for all websites within its jurisdiction for a year. The directive currently comes into effect in May 2012. The penalties for violation of this directive are no joke; the Information Commissioners Office (ICO) which is the body responsible for enforcing the law within the United Kingdom has been empowered to collect fines of up to GBP 500,000 in the event of a violation by a website owner.
This has led to a scramble to find solutions and several firms have all come up with ways of implementing the solution which they consider non-intrusive and a means for website owners to retain their traffic without infuriating website visitors.
Some firms are offering managed solutions to assist with this compliance, while others have fashioned standalone tools which website owners can download and custom-configure to satisfy their own peculiar requirements.
Website owners who intend to implement effective solutions need to understand that the process does not start with installing the corresponding solution on their websites first but rather requires them to:
1.) Determine what cookies their websites use and store on user computers
2.) Determine the purpose of such cookies
3.) Amend their privacy policies and terms of use to reflect the need to request
user permission before storing cookies on user computers.
Only after these preliminary processes have been completed can the corresponding solutions be implemented on the affected websites.
Website owners however need to be aware of some of the finer points of the legislation which could reduce their workload. First, not all cookies are subject to the restrictions of the new law. The directive makes provisions for what it deems “strictly necessary” cookies which website owners do not have to request user permissions to store and use. Explained in simple terms, a strictly necessary cookie is one which is needed to deliver a service required by the user. Example of such cookies include: session tracking cookies and cookies that track user purchases in a shopping cart.
Secondly, the location of the visitor matters more that the location of the website or its owner. Privacy laws are meant to protect EU residents against violations, thus compliance is targeted at website owners regardless of location making privacy provisions for the particular end-users who are located in European countries.
The argument is still on-going about the merits and demerits of the legislation. However, rather than wait for the enforcing parties to make convenient last minute changes to this legislation, website owners should try to determine how best to achieve compliance and implement creative and non-intrusive solutions. Complications might arise for those hoping to do everything at the last minute, which in turn could result in court cases with serious legal and financial ramifications for the unlucky.
By www.cookieblocker.co.uk the Cookie Blocking Wordpress Plugin.
Recent Comments