Andrew Cormack Janet Who Burnt the Cookies?

Recipe for Trouble
One portion... Mix with... Bake into... Resulting in...
Good intentions – They’re breaching your privacy...
Technological innocence – Using cookies...
Legislation – Regulating cookies...

An Unpleasant Taste
EU Directive amended in 2009
– One small change makes a big difference: “is given the opportunity to refuse the storage of or access to that information” (2003) replaced by “has given his or her consent” (2011)
Member States’ Laws due in May 2011
– UK enforcement begins next week
Headline story: “All Cookies Need Prior Consent”
– But law actually has a number of different flavours...

How many flavours?
Directive says two:
– Those “strictly necessary for the provision of an information society service requested by the subscriber or user”
– The rest: “must provide information and get prior consent”
UK Information Commissioner lists five or more:
– Strictly necessary, settings-led, feature-led, functional and analytical, third party,...
– Maybe these overlap? But then again...

How many ways to (tr)eat them?
Three?
– Itemise (list and describe)
    All of them (since 2003!) – except maybe non-personal, essential ones
    Clear Information Commissioner guidance/examples
– Identify (on web pages/functions/etc. that need them)
    Those that do something the user asked for
    E.g. Remember language/preference, watch video, personalise
    Clear Information Commissioner guidance/examples
– Interact (through some sort of consent dialogue)
    Those that do something else
    E.g. advertising, analytics
    Not clear

Feeding frenzy?
Guidance now appearing thick and fast
– And inconsistent
E.g. International Chambers of Commerce
– Agrees with ‘necessary’ and ‘functional’
– Analytics count as ‘performance’ (with load-balancers!)
– Only cookies displaying adverts (not trackers) need consent
E.g. UK Government Data Service
– Look at privacy intrusion only
– Analytics don’t harm privacy at all

Other countries?
Seems to be less guidance
What I can read mostly matches UK
– With interesting variations on “necessary”
Unless you know otherwise?

Samples now available
But
– Are these compliant?
– Are they user-friendly?
– Do they offer the choices you want?

UK Information Commissioner

British Telecom

Janet

Crumbs of comfort
From the Information Commissioner guidance...
– “1st party analytic...might not appear as intrusive as...” (p20)
– “simply allow you to improve your website” (p12)
– “unlikely to prioritise...in any regulatory action” (p25)
– “[ICO] may consider other options ourselves” (p27)
Maybe do others first and let these firm up a bit?
Behavioural advertising still looks indigestible
– But NRENs and their customers may rely less on these?

Leftovers
Targeted advertising cookies
– Regulators really do seem to want prior consent
– ICC agree, but have no idea how to get it
– NB when ICO sought cookie consent, only 10% gave it
Platform & plugin cookies
– “Above” and “Below” your content
– Who is responsible for their compliance?
And other things stored in the client
– Web bugs, flash cookies, etc.

Menu (short-term)
Work out what cookies you have
Document them all
Highlight the functional ones
Decide on an approach to analytics
– Consent-based?
– Opt-out?
– Privacy-based?
Watch out for changes in technology and guidance

Menu (long-term)
Get better at spotting these bugs when they turn up
– Suggest better ways to solve the (real) problem
Support our legislators
– MEPs have scarily little help
– Either in drafting or in assessing the impact of what they do
Look at the headlines and the text
– They might not be the same
– E.g. “right to be forgotten”

I think we were lucky this time...

THANK YOU
Janet, Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire