carbonesc | 14 years ago
Information Commissioner's Office - Enforcing the revised Privacy and Electronic Communications Regulations (PECR) of 25/5/2011 http://www.ico.gov.uk/~/media/documents/library/Privacy_and_...
Information Commissioner's Office - Guidance on the rules on the use of cookies and similar technologies of 13th December 2001: http://www.ico.gov.uk/news/latest_news/2011/%7E/media/docume...
"Check what type of cookies you use and how you use them"
"If the information collected about website use is passed to a third party you should make this absolutely clear to the user. You should review what this third party does with the information about your website visitors. You should tell people what you are collecting and how you are using this information."
"Even where the clear cookie rules do not apply you must consider the DPA [Data Protection Act] whenever you are collecting information that builds up a picture that could allow you to identify an individual."
"... the Commissioner is therefore unlikely to prioritize, for example, first party cookies used for analytical purposes and cookies that support the accessibility of sites and services, in any consideration of regulatory action."
"... we would expect you to provide clear information to users about analytical cookies and take what steps you can to seek their agreement."
Directive 2002/58/EC of the European Parliament of 12 July 2002: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:...
"(25) However, such devices, for instance so-called "cookies", can be a legitimate and useful tool, for example, in analysing the effectiveness of website design and advertising, and in verifying the identity of users engaged in on-line transactions. Where such devices, for instance cookies, are intended for a legitimate purpose, such as to facilitate the provision of information society services, their use should be allowed on condition that users are provided with clear and precise information in accordance with Directive 95/46/EC about the purposes of cookies or similar devices so as to ensure that users are made aware of information being placed on the terminal equipment they are using. Users should have the opportunity to refuse to have a cookie or similar device stored on their terminal equipment. This is particularly important where users other than the original user have access to the terminal equipment and thereby to any data containing privacy-sensitive information stored on such equipment. Information and the right to refuse may be offered once for the use of various devices to be installed on the user's terminal equipment during the same connection and also covering any further use that may be made of those devices during subsequent connections. The methods for giving information, offering a right to refuse or requesting consent should be made as user-friendly as possible. Access to specific website content may still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose."
Directive 2009/136/EC of the European Parliament of 25 November 2009: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2...
"(66) Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities."