Next Steps In Addressing Forthcoming Cookie Legislation
Posted by Brian Kelly on 20 February 2012
The Forthcoming Cookie Legislation
On 26 May 2011 I asked How Should UK Universities Respond to EU Cookie Legislation? The post was published the day before UK government legislation based on the EU Directive requiring users to opt-in to cookie use was due to come into force. However in light of the government’s awareness of the difficulties in conforming with the legislation, the Information Commissioner’s Office (ICO) announced that UK websites were to be being given one year to comply with EU cookie law. But May 2012 is now only three months away, so how are UK Universities responding?
One of the key challenges will be in developing policy statements regarding information which is gathered and stored in cookies.
Learning from Current Practices
Back in May 2011 a survey of cookie use across the twenty Russell Group universities was carried out and the findings published in a post on Privacy Settings For UK Russell Group University Home Pages. Subsequently staff working in institutional web teams across the wider UK higher education sector were invited to provide links to their privacy policies in a Google spreadsheet. The following table provides links to privacy policies and statements based on the information available from the spreadsheet.
|2||Aberystwyth||Terms and Conditions|
|4||Bath Spa||Website Terms and Conditions of Use|
|7||Cambridge||Privacy policies for services|
|10||Edge Hill||Privacy Statement|
|15||Liverpool||Personal information on the web|
|16||LSE||Privacy and data protection|
|22||Staffordshire||Protecting Privacy on Data Transmission over the Internet|
|24||Warwick||Website terms and Conditions|
The links aim to make it easy for people wishing to see the approaches taken by others within the sector to see the approaches which are being taken.
In addition to the passive process of seeing what others are doing and making use of approaches which appear useful it can be more useful to collaboratively engage in the development of public privacy statements, such as those listed above, as well as discussions about important issues including approaches to auditing cookie use on web sites; ongoing auditing processes; policies for web sites which are not under the control of a central web team and the internal processes for developing policies and procedures, including reaching agreement on the institution’s willingness to take risks if it is not possibly to conform with the letter of the legislation.
Feedback can be provided on the JISCPress site or on this blog.