Beware the cookie-a review of privacy law
By Emma Peart
The rules on cookies and ecommerce in the UK changed at the end of May. This is largely due to a 2009 EU Privacy directive which reviewed privacy law. The change is intended to give individuals more of a say over what information is held on them. One way in which information is held is through cookies, small text files which hold information on visitors to websites.
The government has issued guidelines on what changes it expects to cookies. At this stage it suggests firms view whether their current cookies system should receive consent to be used by the site’s users. Some ways this could be achieved would be through a consent button, or through the terms and conditions of the website. This in general can only be a good thing for visitors to any site, relieving them of the fear of any information on them being kept without consent.
The EU directive has also meant there are tighter rules in relating to the release of any information by a security breach. Internet Service providers and telecoms providers providing access to public sites are among groups that will have to make a notification to designated bodies if they are of the view there is a security breach. There are only two bodies that will be responsible for monitoring this: Ofcom and the Information Commissioners Office. The Information Commissioners Office will have the authority to serve notices on a third party to co-operate in providing information during an investigation.
The idea is that privacy laws will be tightened up across Europe. However, although some countries have provided their proposals for reform, not all have. At least in the case of the countries that have, their does seem to be a similarity to those in the UK. However there is going to be uncertainty for not only individuals but ecommerce while the legislation changes across Europe.
The other thought is whether the changes will be enough. It is Internet Service Providers and telecoms providers that are subject to the change in UK legislation. It may be the case that the reform should be more widespread if there is to be a full effect on privacy, by all industries being subject to the reform.
