[thelist] Cookies and the European Directive.

Hassan Schroeder hassan at webtuitive.com
Wed Nov 28 12:24:06 CST 2001


roland dunn wrote:
> 
> Does anyone have (or claim to have) a good handle on the implications of the
> new European Directive on website development?

Only an educated guess based on reading the resolution itself, and some
other preceding material (some cited below)  :-)

> My understanding of the European Directive is that if you wish to use
> cookies, you have to ask. 

My understanding is that it's *not* about cookies, it's about the
personal information that may be *associated* with cookies.

::
2a. Member States shall prohibit the use of electronic communications
    networks to store information or to gain access to information 
    stored in the terminal equipment of a subscriber or user without
    the prior, explicit consent of the subscriber of user concerned.
    This shall not prevent any technical storage or access for the 
    sole purpose of carrying out or facilitating the transmission of
    a communication over an electronic communications network.

    /* excerpt from 'Justification' follows:   */

    The use of such devices [cookies, spyware, etc.] should therefore 
    be prohibited unless the explicit, well-informed and freely given 
    consent of the user concerned has been obtained.

European Parliament A5-0374/2001
Amendment 26, Article 5, pp2a(new)

URL (all cited URLs are for lang="en"):

http://www2.europarl.eu.int/omk/OM-Europarl?PROG=REPORT&L=EN&PUBREF=-//EP//NONSGML+REPORT+A5-2001-0374+0+DOC+PDF+V0//EN&LEVEL=4


If this final resolution draft is what was enacted by the EP, and
I believe it is, it doesn't seem that draconian. Studies on the 
European commission site mention P3P as a technological mechanism
for providing that informed consent, for instance. And the "technical
storage or access" would seem to permit session cookies (whew!).

But of course, I'm not a lawyer, US or EU :-)


For more background, see:

Data Protection Law And On-Line Services: Regulatory Responses
http://europa.eu.int/comm/internal_market/en/media/dataprot/studies/regul.pdf

Privacy on the Internet - An integrated EU Approach to On-line Data Protection-
http://europa.eu.int/comm/internal_market/en/media/dataprot/wpdocs/wp37en.pdf

On-line services and data protection and the protection of privacy
http://europa.eu.int/comm/internal_market/en/media/dataprot/studies/serven.pdf


FWIW!
-- 
H*
Hassan Schroeder ----------------------------- hassan at webtuitive.com 
Webtuitive Design ===  (+1) 408-938-0567   === http://webtuitive.com

    -- creating dynamic Web sites and applications since 1994 --




More information about the thelist mailing list