Showing posts 1 - 10 of 17
  1. Charles Hampson

    Head of Protection Products at Citi Bank UK Consumer (Egg.com)

    30 July 2003 15:39pm

    Do I understand correctly, that there will be some new guidelines on Cookies published soon? How they can be used etc etc?

    Where could I go to find out more information about the subject?

    CH

  2. Gary Baker

    Director

    05 August 2003 12:44pm

    New regulations (The Directive on Privacy and Electronic Communications aka Privacy Regulations) regarding email marketing and cookies are to come into effect on 31 October this year, though the exact wording and format is still to be confirmed, as far as I am aware.

    Essentially the cookies part requires greater awareness of cookies and will likely require websites to warn visitors when a site uses cookies and give them the option of refusing them. Exactly how this is to be done, I'm not sure (and I don't think anyone else is!)

    The latest from the DTI is at http://www.dti.gov.uk/industries/ecommunications/index.html

    Gary

    Managed Web
    Website Maintenance & Support
    www.managedweb.com

    On 15:39:00 30 July 2003 C.H wrote:
    >Do I understand correctly, that there will be some new
    >guidelines on Cookies published soon? How they can be used
    >etc etc?
    >
    >Where could I go to find out more information about the
    >subject.
    >
    >CH

  3. James Downes

    Project Manager at Box UK

    12 August 2003 16:23pm

    You may find this useful, http://www.aboutcookies.org. It was set up by a law firm who have probably read (and understood) the directive.

    I think the idea is that you can direct users to it as part of your Privacy Policy, so that your visitors can find out about cookies and how to control/delete them. If not, it's a good example of how you should be talking to your visitors about cookies. Annoyingly, the site doesn't actually use cookies so doesn't show how to explain to your visitor the nature of the cookies you are using.

    Might be worth a look if like me you've been given the unenviable task of finding out what this Privacy Regulations stuff is all about.

  4. Russell Potter

    Marketing Consultant at Email Marketing Solutions

    11 December 2003 11:43am

    The directive goes live today.

    Can anyone confirm that a link to your privacy policy on all pages of your site, brief details of your use of cookies, plus a link to the aboutcookies.org is sufficient?

    Thanks.
    Russell

  5. Ashley Friedlein Staff

    CEO at Econsultancy

    11 December 2003 16:10pm

    Hi Russell

    I believe 'best practice' (aka how little you can do to stay the right side of the law) also dictates that you give instructions in your privacy policy to users on how they can delete the cookies you may have set. This is a workaround for them being able to 'reject' cookies.

    Ashley

  6. Russell Potter

    Marketing Consultant at Email Marketing Solutions

    11 December 2003 17:33pm

    Thanks Ashley.

    I've added the following text & link to the end of the "information about cookies & what we use them for" area on our site:

    "How to delete and control cookies: www.aboutcookies.org"

    If there are any legal bods out there that *don't* think this is sufficient to meet the new legislation requirements, please post a reply. TIA.

    Russell

  7. Alex Chudnovsky

    Fndr at Majestic12.co.uk

    12 December 2003 17:09pm

    On 16:10:06 11 December 2003 Ashley wrote:

    >give instructions in your privacy policy to users on how
    >they can delete the cookies you may have set. This is a
    >workaround for them being able to 'reject' cookies.

    IANAL (I Am Not A Lawyer - but I wish I was!) telling user how to delete cookies should not be sufficient because most likely these cookies were logged on Firm's server side and then replicated in great many places -- essentially this will mean you DID collect and likely WILL use this tracking information on user even though they did not want it and did indeed delete cookies following your instruction, but they deleted on CLIENT side.

    The users may argue that they were misled by "do this to delete cookies" as it would not actually delete cookies everywhere - particularly in firm's data warehouses.

    regards,

    Alex

  8. Graham Ross

    MD at The ClaimRoom.com Ltd

    15 December 2003 10:30am

    On 17:09:06 12 December 2003 Alex Chudnovsky wrote:
    >IANAL (I Am Not A Lawyer - but I wish I was!) telling user
    >how to delete cookies should not be sufficient because
    >most likely these cookies were logged on Firm's server
    >side and then replicated in great many places --
    >essentially this will mean you DID collect and likely WILL
    >use this tracking information on user even though they did
    >not want it and did indeed delete cookies following your
    >instruction, but they deleted on CLIENT side.
    >

    IAAL - Apart from the point that, without the client side data storage, you are not talking 'cookies', the new Regulations (The Privacy and Electronic Communications (EC Directive) Regulations 2003) apply (Reg 6) only to the client side element of cookies. However, any data about a user retained at the server side (which is not strictly a cookie but just data storage) has to comply with the Data Protection Act anyway and so, if it is such as can identify a living person and not just a terminal, then cannot be retained anyway without appropriate consent under DPA.

    Important to also bear in mind that, even if you follow the Regs in giving proper notice and opportunity to remove, it would be a breach of the DPA to store cookies that contain more data than reasonably necessary for the purpose of the cookie.

    Members of our service at www.TheAdviceRoom.com receive a free guide to the new regulations.

  9. Alex Chudnovsky

    Fndr at Majestic12.co.uk

    15 December 2003 12:30pm

    Great post Graham. I was merely trying to say that telling user how to delete cookies is (in my view) not sufficient to satisfy Regulation 6 (b) of The Privacy and Electronic Communications (EC Directive) Regulations 2003.

    The reason I think so is because deletion of cookies on client side (terminal equipment) is likely to take place after cookies were stored on server side for future potential accesses.

    regards,

    Alex

  10. Graham Ross

    MD at The ClaimRoom.com Ltd

    15 December 2003 14:46pm

    Alex - I see what you are getting at, 6(2)(b) to which you refer, and which says :-

    "2) The requirements are that the subscriber or user of that terminal equipment - .........
    (b) is given the opportunity to refuse the storage of or access to that information."

    You interpret that to cover refusal of storage generally and, therefore, that the user has to have the opportunity to refuse storage at server side. This is, however, wrong since 'storage' has to be interpreted subject to Reg 6(1) which clearly limits use of the word 'storage' in the rest of Regulation 6 to client side storage only. It says:-

    "6. - (1) Subject to paragraph (4), a person shall not use an electronic communications network to store information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met."

    So the requirements of paragraph 2 relate only to storage in the terminal equipment of the subscriber or user i.e. client terminal.

    Graham
    www.TheAdviceRoom.com
