We are a quite small museum doing normal things with an ordinary website.  The advice we have received is that the only area we will have to look at is where email addresses are gathered because someone uses the website to make contact.  If others think or know different, we'd like to be aware.


Bob Clark
Director
The Auchindrain Trust
mailto:[log in to unmask]

-----

Tuesday, April 3, 2018, 6:21:09 PM, you wrote:

My understanding is that cookies (or any other tracking tools) are only covered under GDPR if they are collecting personal data. Otherwise they are covered by PECR which isn't changing at this time and I think this is why there's been no additional guidance issued. So unfortunately it very much depends on what cookies you're using and what they do. Re persistent cookie notice - a large number of folk include a clear link to the detailed cookie advice in their footer so that it's always available - which I see RSC already does. If your cookies are feeding back IP addresses to a tool you use, you'd likely need to combine it with other data in order to be able to take a guess at who the person is. IP addresses might be classified as a pseudonymous if you have other data sources that combine it with in order to identify someone but it totally depends what systems you're using and what else is being collected through that system. On 3 April 2018 at 17:33, Tony Crockford <[log in to unmask]> wrote: On 3 Apr 2018, at 11:56, John Benfield <[log in to unmask]> wrote: You then have to allow users to change their mind at any point via a similar option, which sounds like a persistent cookie notice. I'm still struggling with the concept that the use of cookies could accurately (beyond all reasonable doubt)  identify an individual. How does anyone know for certain  that the person driving my computer is me? in a shared computer household with multiple devices, does anyone really know that the site visit is by me and not by a family member, or family friend or indeed the family cat? ...and then there's the question of circumstances where IP addresses aren't fixed, how would an IP address recorded by a cookie one week identify an individual if a different household router were awarded the same IP address next week? how personal is that data now? :( **************************************************************** website: http://museumscomputergroup.org.uk/ Twitter: http://www.twitter.com/ukmcg Facebook: http://www.facebook.com/museumscomputergroup [un]subscribe: http://museumscomputergroup.org.uk/email-list/ **************************************************************** -- Dee Ishani 07740 356873 [log in to unmask]  twitter: stripysocksrock skype: nadine.ishani linkedin: https://uk.linkedin.com/in/nadineishani **************************************************************** website: http://museumscomputergroup.org.uk/ Twitter: http://www.twitter.com/ukmcg Facebook: http://www.facebook.com/museumscomputergroup [un]subscribe: http://museumscomputergroup.org.uk/email-list/ ****************************************************************

**************************************************************** website: http://museumscomputergroup.org.uk/ Twitter: http://www.twitter.com/ukmcg Facebook: http://www.facebook.com/museumscomputergroup [un]subscribe: http://museumscomputergroup.org.uk/email-list/ ****************************************************************