Like museums, the higher education sector has been following the cookie legislation with much interest. A survey of use of cookies on UK Russell Group university home pages was carried out in May 2011 [1] and this was followed by suggestions on how UK Universities should respond to cookie legislation [2], including agreeing on appropriate best practices within the sector.
Following the publication of government advice on interpretation of the legislation in December 2011 it was suggested in [3] that sensible pragmatic advice was being provided by the Government and rather than implementing suggestions from legal experts who seem to focus on worst case scenarios ("you must switch off Google analytics as they use cookies") the sector should focus on (a) auditing its use of cookies and (b) providing clear documentation on reasons why cookies were being used.
In February 2012 a post was published which provided links to institutional privacy statements from across the sector which can help in the sharing of best practices [4].
In March 2012 an article was published in the JISC Inform newsletter [5] which summarised this work.
At UKOLN's IWMW 2012 event in Edinburgh on 16-18 June we'll be running a 90 minute workshop session about privacy, cookies and legislation [6].
Earlier today I came across an article entitled "Enforcement of cookie consent rules for analytics not a priority, ICO says" [7] which seems to validate the view that the priority shouldn't be in removing web analytics code which make use of cookies.
In light of this, I wonder whether it would if, once the legislation comes into force and its scope becomes established, it would be appropriate to send in FOI requests to organisations which removed useful services which made use of cookies asking them to provide information on the costs in removing such services and replacing them with alternatives :-)
More seriously, the point I am making is that although there may be risks in not conforming to the letter of the law (even badly drawn-up legislation) there can also be risks in conforming with legislation. It's strange people tend to fail to mention this!
Thoughts?
Thanks
Brian
References
1 Privacy Settings For UK Russell Group University Home Pages, UK Web focus blog, 24 May 2011
http://ukwebfocus.wordpress.com/2011/05/24/privacy-settings-for-uk-russell-group-university-home-pages/
2 How Should UK Universities Respond to EU Cookie Legislation?, UK Web focus blog, 26 May 2011
http://ukwebfocus.wordpress.com/2011/05/26/how-should-uk-universities-respond-to-eu-cookie-legislation/
3 The Half Term Report on Cookie Compliance, 15 December 2011
http://ukwebfocus.wordpress.com/2011/12/15/the-half-term-report-on-cookie-compliance/
4 Next Steps In Addressing Forthcoming Cookie Legislation, 20 Feb 2012
http://ukwebfocus.wordpress.com/2012/02/20/next-steps-in-addressing-forthcoming-the-cookie-legislation/
5 The New Cookie Laws: How Aware Are You?, Kelly, B. JISC Inform, issue 33, March 2012
<http://www.jisc.ac.uk/inform/inform33/CookieLaw.html>.
6 Responding to the Cookie Monster, IWMW 2012
http://iwmw.ukoln.ac.uk/iwmw2012/sessions/gibbons/
7 Enforcement of cookie consent rules for analytics not a priority, ICO says, Out-Law.com
http://www.out-law.com/en/articles/2012/april/enforcement-of-cookie-consent-rules-for-analytics-not-a-priority-ico-says/
--
--------------------------------------------------------
Brian Kelly
UKOLN, University of Bath, Bath, UK, BA2 7AY
Email: [log in to unmask]
Blog: http://ukwebfocus.wordpress.com/
Twitter: http://twitter.com/briankelly
****************************************************************
website: http://museumscomputergroup.org.uk/
Twitter: http://www.twitter.com/ukmcg
Facebook: http://www.facebook.com/museumscomputergroup
[un]subscribe: http://museumscomputergroup.org.uk/email-list/
****************************************************************
