
The Cookie Law


Privacy law

firstfriday

March 01, 2012


Transcript

  1. Why am I here?
     • Online privacy regulations changed in May 2011
     • Enforcement from May 2012
  2. Why am I here?
     • Only provide information – In the past
     • Consent from user to use cookies – Now
     • Concerns – online tracking & use of spyware
     • Behavioural advertising
  3. What’s in the Regulations?
     • EU Directive
     • Users need to consent – can’t be assumed
     • There are exemptions if ‘strictly necessary’ for user
  4. What’s in the Regulations?
     • Both have responsibility for third party cookies
     • Where the organisation is based
     • Aware of changing circumstances – browser solutions, public awareness, etc.
     Before we go any further…
  5. What is a cookie?
     Gives your website a better memory than a goldfish
  6. Duration
     • Session cookies
       – Until you complete your visit (e.g. don’t view a page for more than 20-30 mins)
       – Until you exit your browser
  7. Duration
     • Persistent cookies
       – A future date
       – Usually extended on next visit
  8. Domains
     • Only sent back to specified domains
     • Site ownership?
       – not sent to redefine.co.uk if set for firstfriday.info
     • Matches right to left
       – sent to mail.google.com if set for google.com
       – not sent to google.co.uk if set for google.com
  9. First party vs third party
     • Any request for content can set a cookie
     • First party – sent from the address you’re viewing
     • Third party – sent from a different address
       – e.g. image, video, social media badge
  10. Privacy concerns
     • Cookie content can link you to a database with vast amounts of data
     • Persistent cookies so tracking can continue
     • Set by third party content so can follow you around the web
  11. Privacy concerns
     • Sent & received without the knowledge of the user
     • No problem if user consents
  12. First steps
     • Audit your cookie usage
     • Assess how intrusive they are
     • Update privacy policy
     • Signpost cookie information clearly on your site
  13. Does your site have user accounts?
     • Account login classed as exception
     • Could have consent as checkbox when registering (like T&Cs agreement)
  14. Do you have an ecommerce site?
     • Exception - Shopping basket
     • View products - Don’t need cookies
     • Usually have account login as well
  15. Does your site use analytics?
     • Needs consent
     • Might be necessary for site owner, but not for users
     • Google Analytics are set as first party
     • ‘highly unlikely to prioritise first party cookies used only for analytical purposes’
     • Solution needs to be provided
  16. Does your site use third party services?
     • What do they do with cookies?
     • Providing information afterwards is not enough – e.g. Google Ad Preferences
     • Consider changing suppliers
     • Providers will have to adapt – review regularly
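
The cookie properties from slides 6 to 9 (duration, domain matching, first vs third party) can be checked mechanically during the audit step in slide 12. The Python sketch below is an added example, not part of the original deck; the host names, cookie values and the `audit_cookie` helper are constructed for illustration, and its first/third-party test is a simplification of what browsers do.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def domain_match(host, cookie_domain):
    """True if a cookie scoped to cookie_domain is sent to host (labels match right to left)."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def audit_cookie(set_cookie, response_host, page_host, now):
    """Classify one Set-Cookie value seen on a response while viewing page_host."""
    first, *rest = [p.strip() for p in set_cookie.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    # No Domain attribute: the cookie is scoped to the host that set it.
    domain = (attrs.get("domain", "").lstrip(".") or response_host).lower()
    expires = None
    if "max-age" in attrs:                      # Max-Age takes precedence over Expires
        expires = now + timedelta(seconds=int(attrs["max-age"]))
    elif "expires" in attrs:
        expires = parsedate_to_datetime(attrs["expires"])
    live = expires is not None and expires > now
    return {
        "name": first.split("=", 1)[0],
        "domain": domain,
        "duration": "session" if expires is None else ("persistent" if live else "expired"),
        "days": (expires - now).days if live else 0,
        # Simplification: browsers compare registrable domains (Public Suffix List).
        "party": "first" if domain_match(page_host, domain) else "third",
        # A host may only set cookies for itself or a parent domain.
        "accepted": domain_match(response_host, domain),
    }

# Constructed sample: Set-Cookie headers observed while loading one page.
PAGE_HOST = "www.shop.example"
NOW = datetime(2012, 3, 1, tzinfo=timezone.utc)
OBSERVED = [
    ("www.shop.example", "basket=abc123; Path=/"),
    ("www.shop.example", "_visitor=xyz; Domain=shop.example; Max-Age=63072000"),
    ("badge.social.example", "uid=42; Domain=.social.example; Expires=Fri, 01 Mar 2013 00:00:00 GMT"),
]

def audit_all():
    return [audit_cookie(value, host, PAGE_HOST, NOW) for host, value in OBSERVED]

if __name__ == "__main__":
    for row in audit_all():
        print(row)
```

Persistent third-party rows are the ones to review first against the consent requirement; session-only first-party rows such as the basket cookie are the candidates for the "strictly necessary" exemption.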