Interesting interview with Information Commissioner Christopher Graham on @R4Today about the new ePrivacy laws coming in later this year that will require explicit consent for gathering data to be used for contextual online advertising or similar purposes. Chiefly, this relates to cookies and although cookies used to gather data for shopping baskets will be fine, other cookie-ism will require permission, the theory being that websites will collect potentially “sensitive personal data” (as defined by the Data Protection Act) automatically and without the explicit permission required for this kind of activity.
Unfortunately for the Information Commissioner, his role has been somewhat undermined by comments by government minister Ed Vaizey who said that the ICO would not be prosecuting businesses in the short term while they try to work out just what the heck they’re supposed to be doing with their online activities in order to comply with the new law.
Stand by for a barrage of alarmist articles from lawyers hoping to win instructions to advise on compliance issues. Despite all the jumping up and down, the fact is that businesses very rarely get prosecuted for failing to comply with data protection laws and those that do are usually guilty of the most egregious failings known to humanity. Similarly, I can’t remember ever hearing of anyone being prosecuted for failing to comply with the requirements of the e-Commerce Directive (which includes having to list your business’s street address on your website, together with the identities of any trade or professional associations you might be a member of). So honestly, don’t panic. Keep an eye on http://www.ico.gov.uk and look out for examples of good practice.