The U.K. Information Commissioner’s Office (ICO) has issued advice for
businesses and organizations to ensure compliance with a new EU privacy
directive governing the collection of online user data via “cookies” or other
technologies that store visitor information on a user’s computer or mobile
device. ICO has billed the guidance document as a “starting point for getting
compliant rather than a definitive guide,” and has announced its intention
to publish separate guidance on enforcement as the regulations are
implemented.

Effective May 26, 2011, the new rules revise the U.K. Privacy and Electronic
Communications Regulations 2003 (PECR) in accordance with changes made
to the EU Privacy and Electronic Communications Directive. Applicable
to cookies, flash cookies and all other technologies designed to store or
gain access to information stored “in the device of a subscriber or user,” the
amended EU directive requires websites to obtain explicit user consent to
store a cookie on a device, whereas the previous regulations allowed websites
to use cookies as long as they stated how the data were used and provided
users with the ability to “opt out.” The new regulations also provide a “narrow”
exception for cookies that are “strictly necessary” to conduct a service
requested by the user; for example, cookies used to facilitate the online
purchasing process.

With this in mind, ICO has urged businesses and organizations to (i) “check
what type of cookies and similar technologies you use and how you use
them”; (ii) “assess how intrusive your use of cookies is”; and (iii) “decide what
solution to obtain consent will be best in your circumstances.” It has also
discussed various options for obtaining user consent through the use of pop-ups, terms and conditions, and similar avenues, as well as accounting for settings-led consent, feature-led consent and third-party cookies. “What is
clear is that the more directly the use of a cookie or similar technology relates
to the user’s personal information, the more carefully you need to think about
how you get consent,” concludes the ICO. “We are keen to ensure any future
guidance we produce in this area reflects real world practice and that it can
continue to be used as technologies develop.” See The Parliament.com and The
Telegraph, May 10, 2011.

About The Author

For decades, manufacturers, distributors and retailers at every link in the food chain have come to Shook, Hardy & Bacon to partner with a legal team that understands the issues they face in today's evolving food production industry. Shook attorneys work with some of the world's largest food, beverage and agribusiness companies to establish preventative measures, conduct internal audits, develop public relations strategies, and advance tort reform initiatives.

Close