ClickZ reports on a new law from the European Union concerning cookies, which can collect data about and track users’ Internet searches and the sites they visit.
An amendment to an EU privacy directive was voted through by the Council of the EU on October 26th, and now awaits simple formalities before it comes into force. EU member states must then interpret and implement the directive through local laws by April 26th 2011 at the latest. […]
Cookies without user consent would only be allowed when they are “strictly necessary” to provide a service “explicitly requested” by the user such as storing shopping cart information on e-commerce sites, for example.
In a press release, the European Data Protection Supervisor said, “Following last week’s agreement on the EU telecoms reform, nothing stands in the way for the ePrivacy Directive to enter into force.”
The changes include:
- for the first time in the EU, a framework for mandatory notification of personal data breaches. Any communications provider or Internet service provider (ISP) involved in individuals’ personal data being compromised must inform them if the breach is likely to adversely affect them. Examples of such circumstances would include those where the loss could result in identity theft, fraud, humiliation or damage to reputation. The notification will include recommended measures to avoid or reduce the risks. The data breach notification framework builds on the enhanced provisions on security measures to be implemented by operators, and should stem the increasing flood of data breaches;
- substantially strengthened enforcement powers for national data protection authorities. They will for example be able to order breaches of the law to stop immediately and will have improved means of cross-border cooperation.
- reinforced protection against interception of users’ communications through the use of – for example – spyware and cookies stored on a user’s computer or other device. Under the new Directive users should be offered better information and easier ways to control whether they want cookies stored in their terminal equipment;
- the possibility for any person negatively affected by spam, including ISPs, to bring effective legal proceedings against spammers;