DAC Beachcroft | Insurance, Privacy & Data Security News | October 2014

DAC Beachcroft Adviser Newsletter

October 2014 update 

How many of us are annoyed on daily basis by the cookie banner pop up which has become a feature of our digital lives?
 
"This website uses cookies. If you continue using this site we assume that you are happy with that”
 
The honest answer is usually, "I don’t really care, but I will click anything just to get this annoying pop up off my screen"! For those who weren't following the legislative changes at the time, these pop-ups were a result of a change in law in 2009 when the European Parliament adopted an amendment to the ePrivacy Directive.
 
Among other modifications the new version of the directive, (EC) 2009/136 (the "Directive"), introduced an obligation for website operators to receive their users’ consent to using cookies and similar technologies which has been highly unpopular for both data subjects and companies.
 
Although planned to have a unifying approach to cookie legislation across Europe, we have been left with a patchwork of national laws and guidance across the Member states. Many of them followed the UK approach and permit implied consent method, hence we can usually just ignore the banner and not have to click our consent to having our browsing activities monitored. Germany have refused to implement the legislation at all, alleging that their current data protection legislation more than meets the requirements of the Directive, which has led to great confusion in Germany as to where this law is written and what the obligations are.
 
After lying low for a while, September has seen cookies hit the headlines yet again. On 16 September European authorities began a “cookie sweep” consisting of random checks of the most popular EU e-commerce and media websites in an exercise initiated by the French data protection authority, the CNIL. I suspect the results will prove interesting reading but more pertinent will be the action that data protection authorities take as a result of findings of non compliance. To date, compliance actions have been limited, with 2014 seeing the first fines in Europe for failure to comply: The Spanish regulator fined two companies €3000 each for failing to provide clear and comprehensive information about the cookies they used. Our own ICO is working on a complaints driven basis and reports state that the ICO's approach has been to write to companies who they consider to be in breach and ask them to remedy the website and provide a more apparent method to obtain consent/provide notification to website users of cookie usage and storage.
 
What should concern the companies who are found in breach of the law, is that even if the penalty for non compliance is not significant, a breach may act as a marker, drawing the attention of the regulators and increase the chances of exposing wider breaches resulting in more serious enforcement action. This may be reason enough to implement an ongoing process in the legal, compliance and IT departments of your organisation to review both the cookies you use on your websites and the banners and notices through which you obtain user consent.
All this and more in this month's update. Colleagues can sign up to the alerter here.

Follow us on twitter @DACBprivacyFor DAC Beachcroft privacy updates, please follows us at @DACBprivacy

Click any of the links below to read more ...


UK Developments

Click the below headings to read more on each of the developments...


EU Data Protection Regulation Developments


Updates from around the World...

  • Cayman Islands' DP bill in final stages of consultation

Key Dates Calendar

 Key date

 Issue

 Action 

4 November 2014

Sign up to our next Minster Court Forum: Keep calm and carry on: a data breach workshop for regulated firms

If you would like to attend please click here to RSVP.  A confirmation email will be sent a week before the event

1 December 2014

Enforced Subject Access to become a criminal offence

Review employment and claims handling policies to ensure compliance

2014

Adoption of a final text of the Data Protection Regulation

Watch for updates

2014

ICO to publish Code of Practice on Privacy Policies

Watch for updates

 

For more information please contact:

DAC Beachcroft Adviser Newsletter

Rhiannon Davies, Associate

+44 (0) 20 7894 6577

rdavies@dacbeachcroft.com