Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Cookie Law

Ian Barber
February 24, 2012

The Cookie Law

A brief discussion of issues around the EU Privacy Directive with regards to the use of cookies in the UK. Given in the PHP UK 2012 Unconference.

Ian Barber

February 24, 2012

More Decks by Ian Barber

Other Decks in Technology


  1. 6.—(1) Subject to paragraph (4), a person shall not use

    an electronic communications network to store information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met. (2) The requirements are that the subscriber or user of that terminal equipment— (a)is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and (b)is given the opportunity to refuse the storage of or access to that information. The Privacy and Electronic Communications (EC Directive) Regulations 2003
  2. (3) For paragraph (2)(b) substitute “(b) has given his or

    her consent”. The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011
  3. Query Parameters Last-­‐Modified:  Thu,  21  May  2009  21:26:08   GMT

    ETag:  "650a7c7523865eae0c7294aa4e7b50dd" ETags  -­‐  [13/Feb/2012:14:19:57   +0000]  "GET  /user/themes/dilectio/ images/mright.gif  HTTP/1.1"  200  390 Log Analysis
  4. Client Server request ad / send cookie send targeted ad

    request ad send tracking JS send finger print send targeted ad
  5. “Although the Information Commissioner cannot completely exclude the possibility of

    formal action in any area, it is highly unlikely that priority for any formal action would be given to focusing on uses of cookies where there is a low level of intrusiveness and risk of harm to individuals. “