Fwd: CNIL - new guidance regarding cookies from ashok malhotra on 2012-05-14 (www-tag@w3.org from May 2012)

From: ashok malhotra <ashok.malhotra@oracle.com>
Date: Mon, 14 May 2012 08:10:16 -0700
To: "www-tag@w3.org" <www-tag@w3.org>
Message-ID: <4FB12058.3000509@oracle.com>

In case you did not see this ...

-------- Original Message --------
Subject:  CNIL - new guidance regarding cookies
Resent-Date:  Sun, 13 May 2012 15:31:02 +0000
Resent-From:  public-privacy@w3.org
Date:  Sun, 13 May 2012 17:30:31 +0200 (CEST)
From:  runnegar@isoc.org
To:  public-privacy (W3C mailing list) <public-privacy@w3.org>

Hi all.

The CNIL has issued revised guidance regarding cookies (in French) [1]

Some highlights, courtesy of Bird&  Bird [2]:

" ... Analytic cookies will be exempt from the new rules if the following conditions are met:

* Publishers provide clear notice to visitors about their use of cookies. A link should be provided on the main page of the website and further information about analytic cookies should be displayed, for instance in the T&Cs;

* User's right to access information is ensured;

* Opt-out mechanisms are easy to install and accessible from each user device (including smartphones), operating system or browser application. Information shall not be shared with analytic providers if opt out mechanisms are on;

* The analytic information is not linked to identifiable users. This means that that there will be no access to individual's information but rather access to aggregate information which includes all website users. In addition, publishers must not use the analytic information to track users across multiple websites (i.e. analytic information relating to a given website cannot be shared with others);

* Geolocation based on IP addresses is permitted. However, the analytic information should not include any greater detail than city names. IP addresses must be deleted or anonymised once the geolocation has been completed to prevent further use of the information which the CNIL considers ‘personal data’; and

* Analytic cookie lifetime and storage of analytic information must not exceed 6 months. ..."

More information is available on the Bird&  Bird website [2].

Bird&  Bird has also produced a map illustrating where the EU Directive has been implemented (and is yet to be implemented) [3].

[1] http://www.cnil.fr/en-savoir-plus/fiches-pratiques/fiche/article/ce-que-le-paquet-telecom-change-pour-les-cookies/
[2] http://www.twobirds.com/English/News/Articles/Pages/CNIL_reissues_guidance_analytic_cookies.Aspx
[3] http://www.twobirds.com/English/News/Articles/Pages/Cookies_New_Directive_0711.Aspx

Cheers,
Christine

Received on Monday, 14 May 2012 15:09:34 UTC