The European Union’s amended Privacy and Electronic Communications Directive comes into force in just over a week on 26th May 2011. With it comes a much under-reported change in the way web administrators can use the information they collect about their visitors.
It what has been labelled ‘the cookie law’ the directive has yet to be be given a formal route into English law but still technically affects all those in the UK under European law. The key aspect is that collecting information via cookies should no longer be done covertly. Simply because a visitor’s browser allows cookies should not be taken to mean they agree to their information being collected.
As a result, The Information Commissioner’s Office (ICO) has issued a briefing note setting out guidelines on how not to fall foul of the directive. Advice on how to lawfully collect and use cookie information is set out in the document, aimed at bridging the gap until the Government bring in formal legislation.
While the position is not perfect it would appear the caution suggested by the ICO briefing note is a sensible step to follow until a new statue clarifies the exact position.
Do you think the Directive goes too far? Do the ICOs suggestions play too much into the hands of the regulators?