fyi: Cranor: new UK cookie rules and example of compliant informed consent process

• From: =JeffH <Jeff.Hodges@KingsMountain.com>
• Date: Mon, 06 Jun 2011 08:50:04 -0700
• To: ietf-privacy@ietf.org, public-privacy@w3.org
• Message-ID: <4DECF72C.4020604@KingsMountain.com>

Subject: [Cups-friends] new UK cookie rules and example of compliant
	informed consent process
From: Lorrie Faith Cranor <lorrie@cs.cmu.edu>
Date: Sun, 5 Jun 2011 14:58:08 -0400 (11:58 PDT)
To: cups@cups.cs.cmu.edu
Cc: cups-friends@cups.cs.cmu.edu

New UK (and eventually EU) cookie rules... nobody is quite sure of what to make 
of them

http://successfulsoftware.net/2011/05/31/nearly-all-uk-business-websites-now-technically-illegal-eu-sites-to-follow/

The UK Information Commissioners Office uses their own website to provide an 
example of how to provide a cookie notice.

http://www.ico.gov.uk/news/current_topics/website_changes_pecr.aspx

Note the white box at the top of the website that states:

"On 26 May 2011, the rules about cookies on websites changed. This site uses 
cookies. One of the cookies we use is essential for parts of the site to 
operate and has already been set. You may delete and block all cookies from 
this site, but parts of the site will not work. To find out more about cookies 
on this website and how to delete cookies, see our privacy notice."

There is a check box that says "I accept cookies from this site" and if you 
check it the warning goes away. If not, you get to see this lovely warning on 
every page you visit on this site. This statement seems to be saying that they 
already set a cookie and the only way to do anything about it is to set your 
browser to block cookies. So it is not at all clear to me what you are agreeing 
to when you click accept.

Later on in the page (and only on this particular page, the warning actually 
appears on every page of the site) they state "We are setting our analytics 
cookies only when a user provides their consent." So that must be what the 
consent is about... but this hardly seems like an informed consent. From the 
note at the top basically I'm  being coerced into providing consent to get the 
warning to go away without being provided with any information about what the 
cookie does.

The website goes on to say "Currently our website contains one cookie that we 
do not use, but is essential for part of the site to operate." I'm not really 
buying this. If it is essential for the site to operate they must be using it 
somehow. It sounds to me like their site is run using some sort of site 
management software they bought and they don't know how to turn off the cookies.

Lorrie


_______________________________________________
Cups-friends mailing list
Cups-friends@CUPS.CS.CMU.EDU
http://CUPS.CS.CMU.EDU/mailman/listinfo/cups-friends

Received on Monday, 6 June 2011 15:55:11 UTC