Govt working on 'browser-based' solution for new cookie law
Cookies settings may be 'enhanced', says spokesman
SaaS data loss: The problem you didn’t know you had
The government is working with browser manufacturers to create new settings that will help businesses comply with a controversial new EU law on cookies that is due to come into force in May.
The government has also insisted that the EU Directive will become UK law by the May deadline, despite a warning from the Information Commissioner that it was unlikely to take effect until autumn.
The EU law will force companies to obtain "explicit consent" from web users before they make use of cookies, small files placed in a user's browser containing details of their web use.
It has been unclear whether the government would force companies to ask users outright for their permission or whether the fact that a browser is set to accept cookies can be taken as consent.
A spokesman for the Department of Culture, Media and Sport (DCMS) said that it was working on a browser-based solution.
"We are working with browser manufacturers to find a way to enhance browser settings so that they can obtain the necessary consent to meet the Directive's standards," said the spokesman.
The Government has also said that it will meet a 25 May deadline set by the European Union for the implementation of the EU law, after Information Commissioner Christopher Graham highlighted confusion about its implementation.
Graham told this morning's Today programme on Radio 4 that because the UK government has not published the regulations which would transpose the measures into law, it is unlikely that any change in the law would take effect before autumn, months after the EU-set deadline.
"We wait to see how this is going to be transformed into UK law. What concerns me is that in less than 12 weeks' time this Directive becomes European law," he said. "I don't speak for the government but they'd be in trouble with the European Commission if they didn't transpose this Directive into UK law in pretty short order."
"They've been consulting about it and I think the regulations will appear quite quickly but then we do need a reasonable time for everyone to adapt so typically you need about three months to get ready, so I would expect by the autumn we will see the whole thing up and running," said Graham.
The DCMS spokesman said that the regulations would be in place by 25 May but that the technical solutions it was working with browser makers on would not be ready by that time.
It said that the Government would be advising the Information Commissioner's Office (ICO) not to take enforcement action against any company that was not in compliance with the law because of the delay to what the spokesman called the "technical solutions". As long as organisations were working towards compliance they should not be punished, he said.
The new cookie law was created in 2009 as part of a package of telecoms industry reforms. The European Union created a requirement that companies whose websites use cookies to track computers' use of their sites must seek the 'explicit consent' of users for that tracking to be lawful.
Debate has raged about whether sites will have to ask new users for that consent outright or whether web browser settings that permit cookies can be taken to mean that consent has been given.
The UK Government has previously said that it will simply copy the exact lettering of the EU Directive, adding no clarification or interpretation of its own when it creates regulations to turn the Directive into UK law.
Copyright © 2011, OUT-LAW.com
OUT-LAW.COM is part of international law firm Pinsent Masons.
COMMENTS
Ask a bunch of clueless lusers...
Essentially someone somewhere perceived there was a problem, probably involving the EU data protection laws, with cookies being used to track user behaviour on websites, or on syndicated groups of websites. Rather than taking a good, hard look at how web browser cookie controls can be set up to prevent this sort of abuse (Firefox anonymous mode, say, or discard all cookies on exit), the EU defaulted to its normal mode of operation and set about making up a law.
Nobody in the EU lawmaking process actually properly understood the problem, therefore nobody there saw that the solution was to hint to browser makers that making the cookie controls finer-grained and easier for the dumb luser to (mis)use was probably the way to go; this shifts the onus onto the end user and takes lawmakers out of areas where they really shouldn't be treading in the first place.
Effectively a perfect solution would be similar to the Microsoft IE internet controls GUI; a simple slider from "Completely Open" to "Paranoid, almost unusable" plus an advanced section that users with a brain can use for fine-grained control, and every other luser can look at, go "Duh whazzat?", and resort to the simple slider instead. This would more or less solve the problem for a while, until the advertisers thought up a different tracking wheeze and the cycle would begin again.
This sort of arms race between websites and browsers has occurred before, with font size controls. HTML originally had no way for a website to easily specify an absolute text size; the user defined a useful basic text size themselves and all other fonts were relative to that. Then absolute font sizes were introduced, and shortly afterwards browser controls to override these directives were also introduced...
Ostriches..
"The UK Government has previously said that it will simply copy the exact lettering of the EU Directive, adding no clarification or interpretation of its own when it creates regulations to turn the Directive into UK law."
i.e. they're going to make a nebulous and poorly worded law, using words that they copied and didn't consider, and then let the lawyers sort things out in the courts - legislation without cogitation.
Marvellous
Poor, abstract, laws.
Typically stupid, ill thought-out laws.
Rather than something like this, where the choice will be "agree to this carefully worded popup - or go away entirely", they should be dealing with the real problems.
Specifically, we need a browser settings that says items like "you may not pass my information outside the company, specifically not to advertisers" and "I don't want advertising junk from your website". Then we need a way to impose this on ALL companies, particularly american ones that typically don't understand privacy. I'd suggest a finite time, then blocking of any offenders - stone dead.
And while we are at it, can we have a cookie that says "you must never pass any of my information to governments or courts" - given that they are a much bigger privacy problem than doubleclick.
IT infrastructure monitoring strategies
What you need to know about cloud backup
Enabling efficient data center monitoring
Agentless Backup is Not a Myth
Customer Success Testimonial: Recovery is Everything
