
Cookies, Delib and the EU e-Privacy Directive

“The Cookie Law” has been extensively covered elsewhere. If you’re not familiar with it, the website of the Information Commissioner (ICO) is the best place to start.

The e-Privacy Directive is broadly intended to prevent abusive, invasive and malicious behaviour by website operators, where information is gathered about individual website users without their informed consent. This is a worthwhile goal. As a side-effect, the law also prevents website operators from using practices which are widespread, and undertaken with no malicious or abusive intent.

Compliance with this directive is a process, and ICO guidance has been clear on what steps need to be taken by website operators. Here’s what we’ve been doing about it.

Recognition that this is both a technical and legal process

We have:

  • Taken legal advice about this.
  • Read the law and the ICO guidance for ourselves.
  • Looked at the technical implications.
  • Made a plan for compliance.

How we’re tackling compliance

Steps we’ve taken or are taking include:

  • Auditing the apps we build and operate on behalf of our clients for cookie use.
  • Auditing our own Delib-branded websites for cookie use.
  • Automating the audit, to ensure we remain compliant over time (this is particularly important when 3rd party services can be embedded into sites).
  • Making it clear how cookies are used in our apps via their privacy and cookies statements.
  • Technical work which helps our clients comply when embedding content from 3rd party services which may set cookies (for the end user we wrap an explicit ‘accept this embed’ choice around embedded content).
  • Removing services on our own sites that set 3rd party cookies. We have already removed Google Analytics from a large number of our pages, and we’re working on removing further services that set cookies. For complete compliance, we are also planning to add an explicit cookies notice, similar to the solution implemented by the BBC.
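
An automated cookie audit of the kind listed above could work as follows. This is an added example, not Delib's own code: the site domain `example.org`, the sample responses and the allowlist are constructed, and first-party matching uses a caller-supplied domain suffix rather than the public suffix list.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: (response URL, raw Set-Cookie header) pairs, as they
# might be exported from a browser network log while loading one page.
SAMPLE_RESPONSES = [
    ("https://www.example.org/consultations/", "sessionid=abc123; Path=/; HttpOnly"),
    ("https://www.example.org/consultations/", "prefs=compact; Max-Age=31536000; Path=/"),
    ("https://video.example.net/embed/42", "vid=xyz; Domain=.example.net; Max-Age=63072000"),
    ("https://stats.example.com/collect", "_track=1.2.3; Max-Age=15552000; Path=/"),
]

# Constructed allowlist: the (host, cookie name) pairs the site's cookies
# statement declares. Anything else is a finding.
DECLARED = {("www.example.org", "sessionid"), ("www.example.org", "prefs")}


def is_first_party(host, site_domain):
    """True if host is the site domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    site_domain = site_domain.lower().lstrip(".")
    # The leading dot stops "notexample.org" matching "example.org".
    return host == site_domain or host.endswith("." + site_domain)


def audit_cookies(responses, site_domain):
    """Return one record per cookie set, with party and lifetime flags."""
    findings = []
    for url, header in responses:
        host = urlsplit(url).hostname or ""
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            findings.append({
                "name": name,
                "set_by": host,
                "third_party": not is_first_party(host, site_domain),
                # A cookie with Max-Age or Expires outlives the session.
                "persistent": bool(morsel["max-age"] or morsel["expires"]),
            })
    return findings


def undeclared(findings, declared):
    """Cookies observed on the page but missing from the cookies statement."""
    return [f for f in findings if (f["set_by"], f["name"]) not in declared]


if __name__ == "__main__":
    for f in undeclared(audit_cookies(SAMPLE_RESPONSES, "example.org"), DECLARED):
        print("UNDECLARED", f)
```

Run on a schedule against a fresh capture of each page, a non-empty `undeclared` result signals that a newly embedded service has started setting cookies.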

We’ve chosen to see compliance with this directive as something that needs to be achieved and maintained, not simply a nuisance that might go away if ignored (as some website operators hope).

This work does use up limited time and money which could alternatively have been applied to features which help our clients, and to competing with other similar businesses around the world. However, there’s a good case for users being informed about the use of cookies and similar local storage. Our practices are not abusive or malicious, but the prevention of those that are is important.