>Alex - I'm afraid you are getting this all wrong.
Possible.
>Of course. But you are overlooking the fact that
>Regulation 6 does not apply AT ALL to server side data
>retention. It only applies to information stored
>"in the terminal equipment of a subscriber or
>user".
But regulations apply to "ACCESS" to cookie data "stored" as you pointed out on client side - the access is possible as the data was logged on server side. I am talking about specifically cookie values being logged in many server side logs.
>So there can be no breach of these regs for storing data
>if:-
>1. Its stored on the server or
>2. Its information coming within the categories of
>exclusion in Reg 6(b) or
>3. A warning and opportunity to remove is given.
Agreed about 3) - my original point refers to suggestion that warning to delete cookies AFTER some browsing took place that will cause cookie data to be "accessed" (by virtue of being logged on server side) will be in violation of regulation 6).
Here is the scenario:
1. I click on a link leading to site - this will set email marketing cookie.
2. I read privacy policy on site that advises me to "delete cookies" using browser's feature.
3. I keep browsing the site - this will log all accesses
with the cookie value as set in 1)
4. I finished browsing and follow site's instructions to delete cookies on client side.
5. The cookie data on server side with cookie values is still in tact - this can be accessed at later date by analysts in violation of Regs 6.
IF there was a warning that this process will take place then Reg 6 should be fine in my opinion.
IF you only give instructions to remove cookies from client side then these cookie values will still be accessed as they are also stored on server side. If you like these "removal" instructions are not complete and misleading. What's worse is that people on server side will not even know if cookies were deleted by user or just expired - in either case an ACCESS to cookie data can still take place.
Bottom line is that in the above scenario the cookie data will be accessed against wishes of a user who will be under the impression that deletion of cookies on client side will be the end of the story - which it wont because that data will have already been "accessed" (assuming a person will look at that data of course).
Cookies, C.H, 30 Jul 15:39 Do I understand correctly, that there will be some new guidelines on Cookies published soon? How they can be used etc etc?
Where could I go to find out more information about th ...
Cookies, Gary Baker, 5 Aug 12:44 New regulations (The Directive on Privacy and Electronic Communications aka Privacy Regulations) regarding email marketing and cookies are to come into effect on 31 October this ye ...
Cookies, JamesDownes, 12 Aug 16:23 You may find this useful, http://www.aboutcookies.org. It was set up by a law firm who have probably read (and understood) the directive.
I think the idea is that you can direct ...
Cookies, Russell , 11 Dec 11:43 The directive goes live today.
Can anyone confirm that a link to your privacy policy on all pages of your site, brief details of your use of cookies, plus a link to the aboutcoo ...
RE: Cookies go live today, Ashley , 11 Dec 16:10 Hi Russell
I believe 'best practice' (aka how little you can do to stay the right side of the law) also dictates that you give instructions in your privacy policy to users on ho ...
RE: Cookies go live today, Russell , 11 Dec 17:33 Thanks Ashley.
I've added the following text & link to the end of the "information about cookies & what we use them for" area on our site:
"How to delete and control cookies ...
RE: Cookies go live today, Alex Chudnovsky, 12 Dec 17:09 On 16:10:06 11 December 2003 Ashley wrote:
>give instructions in your privacy policy to users on how
>they can delete the cookies you may have set. This is a
>workaround for ...
RE: Cookies go live today, GrahamRoss, 15 Dec 10:30 On 17:09:06 12 December 2003 Alex Chudnovsky wrote:
>IANAL (I Am Not A Lawyer - but I wish I was!) telling use
>how to delete cookies should not be sufficient because
>most lik ...
RE: Cookies go live today, Alex Chudnovsky, 15 Dec 12:30 Great post Graham. I was merely trying to say that telling user how to delete cookies is (in my view) not sufficient to satisfy Regulation 6 (b) of The Privacy and Electronic Commu ...
RE: Cookies go live today, GrahamRoss, 15 Dec 14:46 Alex- I see what you are getting at, 6(2)(b) to which you refer, and which says :-
"2) The requirements are that the subscriber or user of that terminal equipment - .........
...
RE: Cookies go live today, Alex Chudnovsky, 16 Dec 10:51 On 14:46:47 15 December 2003 GrahamRoss wrote:
Graham,
The argument is based on "The Privacy and
Electronic Communications (EC Directive) Regulations 2003"
URL: http://www ...
RE: Cookies go live today, GrahamRoss, 16 Dec 12:36 Alex - I'm afraid you are getting this all wrong.
> 1. I will show that 6(4) does not apply in a
>number of cases which would mean that 6(1) must be
>complied with for thes ...
RE: Cookies go live today, Alex Chudnovsky, 16 Dec 12:53 >Alex - I'm afraid you are getting this all wrong.
Possible.
>Of course. But you are overlooking the fact that
>Regulation 6 does not apply AT ALL to server side data
>ret ...
RE: Cookies go live today, Russell , 16 Dec 16:14 Alex,
I would argue that once a cookie's value is logged to the server, it ceases to be "cookie data" & becomes "just data". In your example, it is therefore a data protection i ...
RE: Cookies go live today - response to Russel, Alex Chudnovsky, 16 Dec 17:30 >I would argue that once a cookie's value is logged to the
>server, it ceases to be "cookie data" &
>becomes "just data". In your example, it is
>therefore a data protection iss ...
RE: Cookies go live today - response to Russel, GrahamRoss, 17 Dec 15:05 >Suggestion to delete cookies on client side is not
>sufficient to satisfy 6(b) simply because it may be logged
>on server side - confidentiality of data may be breached against ...
RE: Cookies go live today - response to Russel, Alex Chudnovsky, 17 Dec 15:18 Graham,
>Can we drop this now and agree to disagree, unless anyone
>else wishes to chip in.
Yes I can agree on that. I hope future application of these regulations will prov ...
Cookies, C.H, 30 Jul 15:39
, 11 Dec 11:43
