JISCMail - DATA-PROTECTION Archives

All,

Like many I suppose I've spent a little time looking at the PECR amendments
that relate to cookies, the EU Directives, the government guidelines and the
ICO advice and working with other folk to figure out what needs to be done.
So this note really is just to give a heads up on a conversation I had with
the ICO helpline.

In looking at the issues, the following point came to me fairly quickly:
well this is fine and dandy for all the punters/customers who log on to our
websites for services and info, but how does it figure for employees working
for an institution/company on their employers' "terminal equipment"?  Does
this mean that all our staff have to give consent for the institution to
place cookies on its own machines used in its own offices by its own
employees?

Well I scratched my head and spent an interesting hour or so delving into
definitions (and the absence of them) in the EU directives and PECR and came
up with the conclusion that - mmmmm , well yes, err, it looks like it does.

I called the ICO and they said.  Well yes, we're trying to figure this one
out.  Perhaps you want to write in about it.  The ICO thinking at the moment
seems to be that there may be some mileage in implied consent by employees
when they sign up to their work terms and conditions. Though this view may
change.  I didn't write in to the ICO since other folk seem to have already
done this.  But I'll be interested to see what the ICO comes up with.  I
haven't yet broached the issue about intranets as opposed to public
communications systems.  I've suggested to my folk that they concentrate on
the punters at the moment and let's see which way this cookie crumbles.

Thought I'd share this one, and see if any other folk have run their heads
up against this.


Ray Cooke
Information Compliance Officer
Oxford Brookes University
Computer Services
Directorate of Learning Resources
Headington Campus
Gipsy Lane
Oxford, OX3 0BP

tel: +44 (0)1865 484354
fax: +44 (0)1865 483330

www.brookes.ac.uk

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^