Privacy - is the law a bad guide?
Jinfo Blog

By Tim Buckley Owen

Item

Business abhors uncertainty like nature abhors a vacuum, and there’s uncertainty a-plenty surrounding the looming compliance issue of cookies. So with half of organisations likely to have revised their privacy policies by the end of 2012, the arrival of a new information law service may be pretty timely.

LiveWire warned some months ago that there would be continuing uncertainty surrounding new cookie rules. So indeed it is proving – with the European Commission now moving on to consider Do Not Track regulation as well, even though most member states have yet to implement the initial overarching cookie legislation.

Voicing her interest in Do Not Track matters a couple of months back, European Commissioner Neelie Kroes made clear that self-regulation was part of the mix. But a recent Stanford University study suggests that voluntary Do Not Track regulation under the American Network Advertising Initiative is more honoured in the breach than in the observance.

The NAI takes issue with this, saying there has to be a distinction between operational and behavioural tracking. Maybe – but it doesn’t augur well for self-regulation generally.

Worse, there’s even disagreement within EU circles over the potential effectiveness of existing law. In a speech at the Edinburgh University School of Law recently, European Data Protection Supervisor Peter Hustinx observed that the Do Not Track initiative seemed to fall short of the Commission’s e-Privacy Directive requirements – suggesting that this raised doubts as to the Commission’s position on the subject and warning that it should avoid any ambiguity (see also a handy gloss on the speech in Pinsent Masons’ Out-Law newsletter).

Britain is one of the few member states to have implemented the cookie rules on time – but it now seems to have fallen foul of the Article 29 Working Party, which represents data protection authorities across the EU. In a formal Opinion on the definition of “consent” to the use of cookies, it makes clear that this has to be prior consent – flatly contradicting the view of the UK’s Culture Secretary Ed Vaizey (previously reported by LiveWire) that web owners didn’t need to ask first.

With all this uncertainty, it’s hardly surprising to find Gartner predicting that half of organisations will have revised their privacy policies by the end of 2012. But it adds that “legal requirements are a bad guideline as they trail technical innovation and cultural change by several years”.

So what on earth to do? Perhaps a new service from Justis has arrived just in time. Developed with the leading law chambers 11KBW, its new online and printed Information Law Reports series should at least help beleaguered privacy officers keep up with the past.

Keeping up with the future, though, may be an entirely different matter.

« Blog