A year ago today I wrote a post entitled How Should UK Universities Respond to EU Cookie Legislation? The post was published a few hours before the cookie legislation was originally intended to come into force, but as I said in the post:
The good news is that the ICO has recognised the complexities in implementing this legislation. As described on the BBC Web site:
UK websites are being given one year to comply with EU cookie laws, the Information Commissioner’s Office has said.
The UK government also sought to reassure the industry that there would be “no overnight changes”.
A year later the legislation has now come into force – and, as reported in the Guardian a few hours ago, “Cookies law changed at 11th hour to introduce ‘implied consent’”. The article went on to describe how:
The advice was only updated on Thursday, 48 hours before the deadline for implementing the new rules, and published the next day.
Of course, the legitimate privacy concerns which led to the EU directive have not been solved. But the EU directive was a flawed approach to addressing both the complexities of online privacy and the technical challenges in implementing solutions. However, standards-based solutions are currently being developed, in particular the Do Not Track standard. As described on the DoNotTrack.us Web site:
Do Not Track is a technology and policy proposal that enables users to opt out of tracking by websites they do not visit, including analytics services, advertising networks, and social platforms.
The do not track header is a proposed HTTP header field that would request a web application to disable their tracking of a user. The “Do Not Track” header was originally proposed in 2009 by researchers Christopher Soghoian, Sid Stamm, and Dan Kaminsky. It is currently being standardized by the W3C.
In December 2010, Microsoft announced support for the DNT mechanism in its Internet Explorer 9 web browser. Mozilla’s Firefox, Apple’s Safari and Opera all later added support. It is not currently supported by Google Chrome, but will be incorporated by the end of 2012.
This will provide a standards-based way for users to manage their online privacy. Support for this proposed standard was announced recently by Twitter, as reported in the Guardian:
Twitter announced that it will officially support “Do Not Track,” a standardised privacy initiative that has been heavily promoted by the US Federal Trade Commission, online privacy advocates and Mozilla, the non-profit developer of the Firefox web browser.
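How a site might honour the header described above, as an added example that is not part of the original post or of any project's code: a WSGI middleware that withholds tracking cookies when a request carries `DNT: 1`. The cookie names, `demo_app` and the helper functions are assumptions made for illustration.

```python
# Assumption: hypothetical names standing in for a site's analytics and
# advertising cookies; the session cookie is treated as essential.
TRACKING_COOKIES = {"analytics_id", "ad_profile"}


def dnt_enabled(environ):
    """True only for the explicit opt-out 'DNT: 1'; 'DNT: 0' or no header is not."""
    return environ.get("HTTP_DNT", "").strip() == "1"


def cookie_name(set_cookie_value):
    """Return the cookie name from a Set-Cookie header value."""
    return set_cookie_value.split("=", 1)[0].strip()


class DoNotTrackMiddleware:
    """WSGI middleware: drop tracking Set-Cookie headers when DNT: 1 was sent."""

    def __init__(self, app, tracking_cookies=TRACKING_COOKIES):
        self.app = app
        self.tracking = set(tracking_cookies)

    def __call__(self, environ, start_response):
        if not dnt_enabled(environ):
            return self.app(environ, start_response)

        def filtered_start(status, headers, exc_info=None):
            kept = [(k, v) for k, v in headers if not (
                k.lower() == "set-cookie" and cookie_name(v) in self.tracking)]
            return start_response(status, kept, exc_info)

        return self.app(environ, filtered_start)


def demo_app(environ, start_response):
    """Constructed sample app: one essential cookie, one tracking cookie."""
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Set-Cookie", "session=abc123; HttpOnly; Path=/"),
        ("Set-Cookie", "analytics_id=u-42; Max-Age=31536000; Path=/"),
    ])
    return [b"hello"]


def response_cookies(app, request_headers):
    """Run one request through `app`; return the names of cookies it sets."""
    captured = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", **request_headers}
    app(environ, lambda status, headers, exc_info=None: captured.extend(headers))
    return [cookie_name(v) for k, v in captured if k.lower() == "set-cookie"]
```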
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
and goes on to add:
If you’d like to learn how to remove cookies set on your device, visit: http://www.aboutcookies.org/Default.aspx?page=1