All, Like many I suppose I've spent a little time looking at the PECR amendments that relate to cookies, the EU Directives, the government guidelines and the ICO advice and working with other folk to figure out what needs to be done. So this note really is just to give a heads up on a conversation I had with the ICO helpline. In looking at the issues, the following point came to me fairly quickly: well this is fine and dandy for all the punters/customers who log on to our websites for services and info, but how does it figure for employees working for an institution/company on their employers' "terminal equipment"? Does this mean that all our staff have to give consent for the institution to place cookies on its own machines used in its own offices by its own employees? Well I scratched my head and spent an interesting hour or so delving into definitions (and the absence of them) in the EU directives and PECR and came up with the conclusion that - mmmmm , well yes, err, it looks like it does. I called the ICO and they said. Well yes, we're trying to figure this one out. Perhaps you want to write in about it. The ICO thinking at the moment seems to be that there may be some mileage in implied consent by employees when they sign up to their work terms and conditions. Though this view may change. I didn't write in to the ICO since other folk seem to have already done this. But I'll be interested to see what the ICO comes up with. I haven't yet broached the issue about intranets as opposed to public communications systems. I've suggested to my folk that they concentrate on the punters at the moment and let's see which way this cookie crumbles. Thought I'd share this one, and see if any other folk have run their heads up against this. Ray Cooke Information Compliance Officer Oxford Brookes University Computer Services Directorate of Learning Resources Headington Campus Gipsy Lane Oxford, OX3 0BP tel: +44 (0)1865 484354 fax: +44 (0)1865 483330 www.brookes.ac.uk ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving messages please send to the list owner [log in to unmask] Full help Desk - please email [log in to unmask] describing your needs To receive these emails in HTML format send the command: SET data-protection HTML to [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^