In association with heise online

05 February 2013, 11:26

UK Information Commissioner relaxes cookie rules

UK Information Commissioner Christopher Graham has relaxed the rules on cookie use set out by his own office in May 2011. Under the new rules, websites can store the controversial browser files on users' hard drives if this has been implicitly accepted by the user. The Information Commissioner's Office (ICO) had previously required "explicit consent". In a statement on the reasons for the change, the organisation notes that this was considered appropriate two years ago, as many web users were unaware of cookies and how they were used. It believes that people are now sufficiently aware, not least as a result of unavoidable banners and popups on the use of cookies found on many UK websites.

Image: ICO's new style cookie warning - information only and implicit consent assumed

The first time a user visits the ICO site, it now limits itself to displaying a notice at the bottom of the screen stating that cookies are used. Users are also referred to the ICO's data protection statement and to information on controlling and managing cookies. Users can close or simply ignore the notice, which, unless the cookie is deleted, will not be displayed on subsequent visits to the website. Previously, site users had to actively consent to cookie storage and click on a highly conspicuous declaration.

The UK is considered a pioneer in implementation of rules on cookie use arising from the EU's Data Protection Directive. Graham's new approach is being interpreted as meaning that the previous strict requirements are "dead". However, the ICO never really enforced the old guidelines. EU rules have long been a source of confusion, frequently even having been interpreted as a complete ban on cookies. The statement of the rationale for the 'e-privacy directive', by contrast, merely states that routes to information and to enabling users to decline to have cookies placed on their computers must be designed to be as user friendly as possible.

EU data protection commissioners making up the Article 29 Working Party published an explanation of options for legally compliant deployment of cookies in 2012, according to which it is not necessary to continually obtain user consent. Configuration options or 'Do Not Track' settings can, it argues, also be an acceptable solution. In contrast to the UK, the German government has not previously considered it necessary to transpose the EU regulations into German law. It believes that the Directive raises practical questions which initially require further consultation at the European level. Germany's Federal Data Protection Commissioner Peter Schaar is, however, of the opinion that EU cookie rules are directly applicable in Germany.

(Stefan Krempl / djwm)
