
The Cookie Law

Ian Barber
February 24, 2012

A brief discussion of issues around the EU Privacy Directive with regard to the use of cookies in the UK. Given at the PHP UK 2012 Unconference.


  1. THE COOKIE LAW ianb@php.net

  2. 6.—(1) Subject to paragraph (4), a person shall not use an electronic communications network to store information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met. (2) The requirements are that the subscriber or user of that terminal equipment— (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and (b) is given the opportunity to refuse the storage of or access to that information. The Privacy and Electronic Communications (EC Directive) Regulations 2003
  3. (3) For paragraph (2)(b) substitute “(b) has given his or her consent”. The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011
  4. User Session Client Local Track & Profile

  5. User Session Most Preferences Shopping Basket Analytics Ad Network Behavioural Tracking/Retargeting Social Plugins Affiliate
  6. Remove Replace Get Consent

  7. Remove

  10. Replace Flash Local Shared Objects Silverlight Isolated Storage HTML5 Local/Global/Session/Database Storage Image Cache Browser History
  11. Query Parameters Last-Modified: Thu, 21 May 2009 21:26:08 GMT ETag: "650a7c7523865eae0c7294aa4e7b50dd" ETags - [13/Feb/2012:14:19:57 +0000] "GET /user/themes/dilectio/images/mright.gif HTTP/1.1" 200 390 Log Analysis
  12. Javascript Fingerprinting https://panopticlick.eff.org/

  13. Client Server request ad / send cookie send targeted ad request ad send tracking JS send fingerprint send targeted ad
  14. Get Consent

  20. •Web Statistics •Google Analytics •_utmz

  23. “Although the Information Commissioner cannot completely exclude the possibility of formal action in any area, it is highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm to individuals.”