Tuesday, 24 May 2011

Cookies: “Keep calm and carry on”, advises our Minister


In the space of just a few weeks, we’ve really been spoilt by those who have been appointed to rule us.

Not only have we been given the Statutory Instrument that implements the new cookie rules, and guidance from the Information Commissioner’s Office about the steps that need to be taken in order to comply with the rules, but our very own Minister has even just written us an open letter setting our minds at rest about some of the issues that were immediately raised by those who had digested the previous documents – and didn’t quite understand what was meant (or what should be inferred) from the text of the Statutory Instrument.

So, our compliance tool kit now comprises:
8 pages of regulations
2 pages of explanatory notes to the regulations
9 pages of ICO guidance
6 pages of DCMS guidance
1 "know your cookies" audit spreadsheet, prepared by our friends at Barclays
and, in a few weeks time , we can expect some more pages of ICO guidance on other matters covered by the Statutory Instrument.

Good going, well done.

A few of the usual data protection suspects huddled together after this evening's meeting of the Digital Economy Act All Party Parliamentary Group, which had actually met in Portcullis House to consider the future of mobile services, data roaming and spectrum. The general consensus was of considerable gratitude that Ed Vaizey, our Minister for Culture, Communications and Creative Industries had been so bold as to put his name to a document that has quite firmly established the Government’s direction of travel. The message to those who doubt the British pragmatic approach is, basically: get real. Or as Ed put it, much more elegantly in his open letter: we remain firmly convinced that the UK implementation is correct that it is good for business, good for consumers and addresses in a proportionate and pragmatic way the concerns of citizens with regard to their personal data online.

Whether the Article 29 Working Party, for example, shares his views on obtaining or expressing consent in the context of cookies, will be a debate that will rumble on for a long time. Webmasters don’t need to get prior consent for cookies, just consent. Wow. So a cookie can continue to be loaded onto a device as soon as the browser accesses the target website, just like today. Then the webmaster can seek consent. Thank goodness for that. Sanity prevails. Whether such sanity will prevail elsewhere in the EU is a matter that will only be resolved when the other Member States reveal their intentions as to how they will implement the rules. We Brits have found something that could work awfully well in practice, so let’s hope that others don’t complain too loudly that it doesn’t really work in theory.

There’s no need for me to comment on the other items covered in Ed’s letter. Plenty of others will be offering us a more detailed analysis in the comming days and weeks. Suffice to say, it’s great to realise that Ed's officials have recognised the real concern among some of those who are to be affected by the new rules. Those who wanted to comply needed some reassurance in how they should go about complying – and some of this reassurance has been forthcoming.

I doubt that Ed will continue issuing such letters, as Ministers don’t usually offer running commentaries on what their Statutory Instruments actually mean – they normally leave that up to the Judges to decide. However, I’m certain that a open letter such as the one published today will carry just as much judicial weight as a Ministerial statement in Parliament, and so for that I’m very grateful.

As an afterthought, given the ferocity with which the Judiciary have been challenged recently over the appropriateness of issuing injunctions to prevent the press from reporting what many thousands of people have already read on Twitter and other forms of social media, Ed may be realising that, actually, these days, Ministers could have more moral authority in privacy matters than Judges.