Mise à jour : 8 juin 2012 (Rédaction initiale : 3 juin 2012 )

Sur le vif

British law binding sites to inform the user of the collection of cookies came legally into application on May 25, 2012. Some people say it technically impossible to meet.

http://www.thejournalofregulation.com/spip.php?article1473

A "cookie", so named because its shape recalls the shape of the cake, allows a site to remember the tastes of the user through visits and purchases which he made and decide to reuse this information. A European directive decided to limit these practices, the English legislature has provided the obligation for sites to warn the user that connects that a cookie identifies him and agrees of this acquisition of personal information, the justification for the Act is the protection of personal information that a third party data protection may thus have without the consent of the person concerned. The Act came into application in the United Kingdom on May 25, 2012. Some companies they say it technically inapplicable, both as relevant information to justify the application of the consent form and what form the consent of the user should take. They are more concerned because the entire device is subjected to penal sanctions.

© thejournalofregulation

 

The basic idea is barely questionable. The method of cookies is to capture personal data of internet users, by memorising his visits, purchases, etc., to guide him subsequently to other visits or offers to purchase, etc.

This capture of personal data was initially criticised in that it was hidden. The law required therefore that it become known to the user. But consumer law reaching the law of protection of personal data, the law requires now that the user not only takes note of the data capture that the operator made of its tastes (which it would be the holder, the question of the "property" of the data by the person who is concerned remain unclear in law), but also that it consent to it.

This is what now requires the English law in transposition that he has made the European Union law. But between "know" and "consent" the gap is huge, that any practitioner of contracts law knows. In fact, operators have been argued that it was technically impossible to them to implement procedures for proofing the consents and distinction of cookies validated (which can be stored and activated on this basis for this person) and non-validated (to be put in sleep on this person until this person is not found it useful to agree).

The fact that the statement of the technical impossibility can originate from the public authorities in the conduct of their own site had to convince the regulatory authorities responsible for the application of the new rule of protective regulation of personal data of the user. It is why Ofcom begins to admit that consent can be "implied", that is, the regulatory authority would require no express words in the part of the user. Further, the Information Commission Office (ICO) said that first of all it for the right to work of pedagogy for the operators. We can find on its site a guide and advice to conform to the "new cookie law" Act. Of course, but the Act punishes the violation of the rule by a fine of 500,000 pounds. It is sufficient to have a word of a regulator to counter the legal effect that the Act was attached to a situation sufficient? In law,not. One can infer that the principle of legal certainty will not be sufficient to protect the operators, or the great technical difficulty, even if "to do the impossible, there is no requirement" is a rule that barely remains prosperous before regulators. In any case, the legal uncertainty of such a situation is of concern.

 

votre commentaire