Archive for June, 2012

Running a sponsored advertising campaign on social media – how do you avoid falling foul of the ASA?

Earlier this year, the ASA dismissed a complaint about a Twitter based advertising campaign run by Mars. Under the campaign, Jordan and Rio Ferdinand, tweeted a series of out of character messages (including Jordan tweeting about world economics) culminating in the following tweet:

You’re not you when you’re hungry @snickersUk #hungry #spon …

…and a photo of the celebrity holding a Snickers bar.

Fast forward a couple of months, and last week the ASA upheld a complaint about a Twitter based advertising campaign run by Nike in January of this year (around about the same time as the Mars campaign). This campaign featured the following tweet from Wayne Rooney:

My resolution – to start the year as a champion, and finish it as a champion…#makeitcount gonike.me/makeitcount

…and this from Jake Wilshere:

In 2012, I will come back for my club – and be ready for my country. #makeitcount gonike.me/Makeitcount

So why was one complaint upheld and the other dismissed?

The ASA’s rules
The relevant section of the ASA’s CAP code is section 2, which states the following:

  • Marketing communications must be obviously identifiable as such.
  • Unsolicited e-mail marketing communications must be obviously identifiable as marketing communications without the need to open them (see rule 10.6).
  • Marketing communications must not falsely claim or imply that the marketer is acting as a consumer or for purposes outside its trade, business, craft or profession; marketing communications must make clear their commercial intent, if that is not obvious from the context.
  • Marketers and publishers must make clear that advertorials are marketing communications; for example, by heading them “advertisement feature.

The second requirement makes it clear that the statement identifying the message as an advert can’t be hidden in, say, a webpage linked to from a tweet, and needs to appear in the body of the tweet itself. Nike argued that it had satisfied the “obviously identifiable” requirement by including a link to a Nike url and the “#makeitcount” hashtag, which was the tagline for a new Nike advertising campaign. Nike also argued that the two players were well known for being sponsored by Nike, and therefore their followers on Twitter were unlikely to be misled by the relationship between the footballers and Nike.

The ASA dismissed these arguments.

It considered that Twitter users will follow many users and will scroll through messages quickly. The ASA also considered that Twitter followers would not necessarily have been aware of the “Make it Count” ad campaign, and would not therefore associate the #makeitcount hashtag with Nike. The test under the Code is not just that the advert be “identifiable” but “obviously identifiable”. In the absence of anything obvious in the tweets to indicate that they were Nike marketing commuications, the ASA held that the Tweets breached the Code.

The Mars approach
In its decision on the Nike case, the ASA gave the example of the inclusion of a “#ad” hashtag as a way of identifying the tweet as a marketing communication.

This is exactly what Mars did in the Snickers tweets issuued by Ferdinand and Jordan, which each contained the “#spon” hashtag. In that case, the ASA accepted Mars’s argument that this was sufficiently prominent to make the tweet obviously identifiable as a marketing communication.

Comment
Whilst both of these cases involved major international brands and celebrities, the ASA’s rulings are relevant to all organisations regardless of size.

Social media is becoming an increasingly important marketing tool. If you are planning to promote your business using third party endorsements on social media then it’s essential that your communications comply with the CAP Code.

Under the CAP Code, it is the advertiser (not the endorser) that is responsible. It’s therefore also important that you either pre-approve the communications or ensure that your endorser has been given clear guidance on the format of messages being issued. Whilst there might not be much space for regulatory compliance wording in a 140 character message, as the ASA’s latest decision shows all it takes is three characters: #ad.

PS Just to rub salt in the wound, Rooney didn’t make even manage to achieve his resolution, with Manchester City taking the title. But Nike will be happy – the tweet got a quite ridiculous 2,200 retweets.

Are you entitled to relief under a contract if your bank cannot process payments?

It looks like the fallout from a failed software update at the RBS Group is set to continue for some time to come.

I’ve blogged before about the risks of IT upgrades and the importance of business continuity plans.

For a good summary over what appears to have happened in this case, the Guardian has a very informative article, which also explains why customers are continuing to experience problems despite the fact that the original problem has apparently been fixed (if Friday’s payment cycle ran before Tuesday’s aborted cycle then the problems would likely be even worse as payments may be out of sync, meaning that the backlog has to be cleared chronologically).

Force majeure
A number of press reports are focussing on the fallout for RBS’s customers (both corporate and individuals), and the impact on their dealings.

For businesses that are affected in their dealings under their contracts with third parties, they might wish to have a look at their contracts.

Most contracts will contain provisions to deal with force majeure (often referred to as “acts of God”), under which an affected party will be relieved from an obligation to do something under a contract, where it is prevented from doing so by something beyond its reasonable control. This will usually (but not always) be drafted to include the failures of third parties.

The last time I blogged about force majeure clauses was in relation to Icelandic Volcanoes. There I looked at the impact on an organisation’s supply chain.

In this case, organisations unable to make contractual payments may find that the force majeure clause gives them relief from the obligation to make that payment and, more importantly, prevents the counterpart from taking action for non-performance.

For example, if a contract contained an obligation to make a payment by a particular date, and the contract stated that time was of the essence in relation to that obligation, then a failure to make the payment may trigger a right for the other party to sue for damages (for example interest incurred) or to terminate the contract.

As payments continue to be delayed, a force majeure clause might give the customer valuable relief. Importantly, whilst the customer would be relieved from its obligation to perform, the supplier of a service should still be obliged to perform as normal.

Watch the drafting
On this point, I’ve noticed an increasing tendency for suppliers to seek to carve out the customer’s obligation to pay charges from the scope of relief granted for a force majeure event. The logic (from the supplier’s perspective) is that a force majeure event should not excuse a customer from making routine payments (which would in turn impact upon the supplier’s cashflow).

The RBS incident shows precisely why customers should seek to resist such wording.

Ultimately, this comes down to risk allocation. Who should bear the risk arising out of an event beyond the control of the parties to the contract? The customer or its supplier?

Could adhoc solutions to the cookie law be harming website usability?

Last week I was invited to speak to members of the Scottish Usability Professionals Association (SUPA) about the new cookie law.

SUPA “brings together UK professionals based in Scotland from the design, technology and research communities who share a vision of creating compelling technology that meets users’ needs and abilities”, and the topic of my presentation was the interaction of the cookie law with disability discrimination laws and website usability.

One consequence of the cookie law is that a number of the consent mechanisms being adopted by organisations to deal with cookie consent have an adverse impact upon the accessibility of the website to users with disabilities, and the usability of the website to users as a whole. This not only makes the website harder for users to use, but might also put the organisation in breach of its obligations under the Equality Act.

Potential usability and accessibility issues
We had a great discussion. Here are a number of the usability and accessibility issues we identified:

  • The use of a pop-up upon arriving at a website can clearly impact on the user experience – users can’t get to the information that they want to access without first reading/dealing with the pop-up. Does that inhibit users from finding the information that they are looking for?
  • On the other hand, the use of implied consent and a link to a cookies policy at the foot of the page is also poor from a usability perspective. Users are unlikely to see it (particularly on a mobile device), and therefore it’s difficult to say that consent has been given.
  • Mobile devices such as smartphones and tablets raise particular issues. Pop-up boxes at the bottom of the page are difficult to read and may be overlooked. If the default setting of these mechanisms is opt-in, then it may be difficult to argue that consent can be implied.
  • Pop-ups or cookie control devices that use Javascript may not be compatible with screen readers or devices that do not use Javascript. This may cause problems for users of those devices.
  • Pop-ups are often set to disappear after a certain period of time (for example 10 seconds), which may not be sufficient time for the user to read and understand the message
  • Again, on pop-ups, some pop-ups have a link to a cookies policy, but the cookies policy page appears on screen *behind* the pop-up, making it impossible to read without accepting all the cookies!
  • Many websites offer an all or nothing approach to cookies – users either have to accept all cookies or none, limiting user choice and user control.
  • Websites that only offer an “I agree” option – users may click “agree” simply to get rid of the box, menu bar etc.
  • Granular, interactive, control panels (such as those used by BT and BBC) can help improve usability and user control, but are often set to accept all cookies (including targeted advertising cookies) by default, or lump together targeted advertising with social sharing tools.
  • There is no consistent approach across websites (even in the implementation of third party products, such as Cookie Control) meaning that each website is different.

What is the solution?
This last point is perhaps one of the most telling.

From a user experience perspective, a multitude of different systems and approaches is confusing, and does little to increase user understanding of cookies (one of the aims of the new law). In order to be effective, a common approach is needed. If not, and websites continue to deal with cookies in different ways, usability will suffer.

This can be achieved in two ways: by clear guidance from the regulator and, perhaps more importantly in the long term, the implementation of suitably sophisticated privacy dashboards in web browsers. Ultimately, the reason for website operators having to introduce adhoc consent mechanisms is a failure to have in place an appropriate browser based solution at the time the law came into force. If privacy features can be built into the UI can be done with the iOS developer platform, then there is no reason it can’t be done across browsers generally.

In both cases, this needs joint action from the various national privacy regulators in Europe.

In the case of the former, to agree consistent, more detailed guidance of what is expected, and in the case of the latter to work with browser manufacturers and the W3C to develop a common browser based solution. When the new cookie law was published last summer we were told that the latter was happening, but to date there has been little sign of progress.

The Do Not Track initiative may give the building blocks for doing that, if it can be widened to cover all cookies and adopt the principles of privacy by default. Things are moving in the right direction, but as recent coverage reports, Do Not Track isn’t yet the panacea that some people would like it to be.

What do you think?

PS for a more detailed, technical assessment of some of the usability and accessibility problems with various cookie law solutions, read SUPA member James Coltham’s excellent blog on the subject.

Holy social media lawman…should lawyers use Twitter and Facebook?

The legal profession and social media
To tweet or not to tweet, that is the question.

Numerous surveys indicate that social media networks are an important source of new work and we are all glued to our smartphones and tablets sharing views and information with a global audience. It therefore seems a rhetoric or after the event question to ask whether and how lawyers should use social media. 

However, when you delve beneath the surface of social media, questions arise for example about confidentiality and the appropriateness of on-line connections between lawyers involved in ongoing transactions or disputes or even between lawyers and judges. In addition issues about liability for employees activities and on-line reputation management need to be factored in too.

Scottish guidance
Clear guidance and policies on social media are key but are still not in place in many organisations.  The good news is that guidance is at hand for Scottish lawyers. Recently the Law Society of Scotland issued guidelines on the use of social media covering topics such as business opportunities, ethical and professional considerations and security of confidential information. A copy can be located here.

The guidelines were prepared in conjunction with the Law Society of Scotland Technology Committee and as a committee member I know they formed part of a wider global research programme on the impact of online social media on the legal profession carried out by the International Bar Association (IBA).

An international overview
The IBA report (The Impact of Online Social Networks on the Legal Profession and Practice) is described as the first global report on the issue of social media use in the legal fraternity canvassing the attitudes of 47 bar associations. The submission made by the Law Society of Scotland is referred to and quoted throughout the IBA report and demonstrates a practical and positive attitude towards the use of social media. A copy of the report can be found here.

It is interesting to note that in many countries there are significant concerns about whether it is appropriate for lawyers to use and engage on social media platforms and cultural differences may need to be borne in mind when aiming to connect with lawyers and professionals in other countries.

Clearly social media is a key part of day to day professional and personal life opening up fantastic business and networking opportunities. The genie is not going to go back in the bottle, and nor should it, but the old adage of think before you click/tweet/post/link is even more important as our digital footprints grow.

Robert Buchan

Orphan works – copyright framework to be updated for the digital age

You may remember last year that legal action was raised in the US for copyright infringement in relation to Google’s digitisation project that made thousands of books held in major US libraries available online.

The action stemmed from the fact that a number of the books made available by Google were by unidentified authors whose authorisation (by definition) Google had not obtained, and so technically they had no licence to use the works.

Copyright law in the UK
These unidentified “orphan” works, share a similarly precarious position in UK copyright law. In the UK, copyright automatically attaches as soon as a copyright work (a painting, film or book, for example) is created. Copyright does not last indefinitely, but generally runs until 70 years after the death of the creator.

If you want to use a work that is currently within copyright and your proposed use does not fall within one of the express pemritted exceptions set out under the Copyright, Designs and Patents Act, then you must obtain permission from the copyright holder. If you don’t then you will be infringing their rights and you could be sued for copyright infringement. 

Orphan works
Obtaining a licence is, on the face of it, a relatively straightforward process if you know who the copyright holder is (although agreeing a licence fee may be less so). But what if the photograph or the piece of prose you want to use is anonymous or you simply can’t track down the copyright holder or identify how old the work is? How much investigating are you required to do to protect yourself from an infringement action should the copyright holder surface further down the line?

The answer is, well, unclear. There is no set level of diligence that is required and no right to freely use orphan works. This failure of the current legislative framework was addressed in the Hargreaves Report.

As detailed in the Hargreaves Report, the problem of orphan works affects larger digitisation projects more acutely that it does one-off use. Many institutions responsible for archiving, such as the British Library or the British Museum, are digitising their catalogues for preservation purposes but risk copyright infringement in relation to the more obscure, anonymous, works that are most often in need of preservation.

Projects that aim to broaden the audiences of certain works such as the BBC’s Public Catalogue Foundation face the same problem. The Hargreaves Report estimates that 40% of the works to be catalogued in these digitisation projects would be classified as orphan works.

New legislation
At a European level a common approach to deal with orphan works has now been agreed in principle to allow public institutions to carry out digitisation projects legally. The finer details have not yet been released, but the key aspects of the proposed clearance procedure cover diligence requirements and compensation.

The proposed legislation would require a “diligent” search to be carried out in good faith to identify the copyright holder before the work could be classified as an orphan work. Importantly, if classified, the work would then officially be given orphan status on an EU-wide basis.

If a work was given orphan status, but the copyright holder was then identified at a later date, compensation would be payable (at a level to be set on a case by case basis, taking into account any damage to the author’s interests and the fact that the use is non-commercial) with special provisions around public institutions to protect them from the risk of having to pay out large sums. The draft directive also allows institutions to monetise the orphan works to recover the costs of the digitisation process.

Next steps
The next step is for the draft directive to be formally approved by the various EU institutions, and it is expected that this will happen in the coming months. Once implemented, the new rules will give this area of law (in the EU at least) some much needed, and much welcomed, clarity.

Leigh Kirktpatrick

Brodies launches Intellectual Property survey on how organisations value their intellectual assets

In conjunction with ADS, SCDI and ScotlandIS, Brodies is launching a 60 second survey to identify how key intellectual property (IP) assets are dealt with and the IP issues which matter most to businesses today. We want to hear your views and appreciate your participation.

Year on year investment in the UK in intangible assets such as IP is higher than investment in traditional physical assets such as machinery or premises. IP rights, whether to a brand, design or manufacturing process, are often the most valuable asset that a business owns.

For any business to maintain a competitive advantage in the marketplace and maximise the return on investment, IP rights require to be properly managed or they will simply go to waste. Are you confident that you are making the most of your IP?

Please click here to take part (anonymously) in our 60-second survey and let us know what matters most to you in intellectual property.

We look forward to sharing the results with you.

Thanks for taking part!

Robert Buchan

PS here is our launch advert from this morning’s edition of The Herald. Use the QR code or the link above to let us know your views:

Brodies advert in The Herald 20 June 2012 launching the IP survey

ICO issues £225,000 fine following failure to adequately protect paper records on disused site

An NHS Trust in Northern Ireland has been fined £225,000 by the ICO, following unauthorised access by tresspassers to medical and staff records held in a disused building.

The fine is the second highest to date issued by the ICO, beaten only by that issued last month to Brighton and Sussex University Hospitals Trust.

Background
The Trust was formed by an amalgamation of a number of acute and community NHS Trusts in April 2007, taking over responsibility for more than 50 disused sites. Patient and staff records were stored at one of the sites, which had been closed the previous year. The Trust did deploy manned security guards on the site, but within a number of months the existing CCTV system on the site was failing. Tresspassers gained access to the site and took photographs of the records, which were then posted on the internet. The Trust became aware of the issue in March 2010.

Upon becoming aware of the unauthorised access, the Trust arranged for an inspection of seven of the 40 or so buildings onsite, and discovered a large quantity of records. However, rather than remove the records, the Trust instead carried out some remedial work to the site, including the repair damaged doors and windows and increased foot patrols.

A year or so later media reportes that the security of the records had again been comprimises. A further inspection was carried out, which revealed the full extent of the problem, including that many records had been retained in breach of the Trust’s records retention policy. Records on site included 100,000 medical records, and 15,000 staff records, including unopened wage slips. The records were found stored in boxes, in cabinets, on shelves or on the floor.

Reasons for the fine
A number of factors counted against the Trust and led to the large fine:

  • The Trust did not carry out an inspection when it took over responsibility for the site – it simply didn’t appear to know about the records stored on the site;
  • The data involved was highly confidential and sensitive;
  • It took the Trust nearly four years to fully decommission the site (and it only became aware of the records as a result of a report from a third party);
  • The breaches arose because of the negligent behaviour of the Trust in failing to take appropriate technical and organisational measures against unauthorised loss of personal data;
  • The Trust did not report the breaches to the ICO.

Comment
It is no accident that the largest two fines to date have been issued to organsations in the NHS.

NHS bodies handle some of the most sensitive data relating to an individual, and the consequences of unauthorised access or disclosure can be particularly distressing and damaging for the data subjects.

As I have noted previously, the level of effort the Data Protection Act requires data controllers to take in relation to preventing unauthorised access or disclosure is directly linked to the harm that might be caused to data subjects from that unauthorised access or disclosure. It is not dependant upon the risk of an incident occurring, and the fact that the disclosure arose as a result of a deliberate act by a third party makes little difference.

The fine is another timely reminder for those organisations involved in processing highly sensitive personal data to ensure that they are fully aware of the data that they hold, and that they have in place (and have implemented) robust informations security and data retention policies to protect that personal data against unauthorised access or disclosure. It is not simply a case of assessing the likelihood of a breach occurring, but rather what damage might occur if the worst does happen.

New guidance on IT security for small businesses

The ICO has published a short guide for small businesses on IT security.

The guide is ideal for small organisations that are trying to get to grips with their obligations under the Data Protection Act, and are yet to develop an IT security policy (or wish to review their current policy). Helpfully, whilst the guide doesn’t provide a template policy, it does provide organisations with a checklist of issues to consider and some practical recommendations.

In particular, the guide provides more detailed advice in relation to problem issues such as securing data on the move, being alert to potential IT security issues, awareness within an organisation, minimising data collection and processing, and the use of third party IT contractors.

You can download the guide here.

New surveillance bill faces criticism

Last Thursday, the Government published its draft Communications Data Bill which, it is fair to say, has been met with wide criticism.

The Bill, which was trailed in the Queen’s Speech earlier this year and has been dubbed a ‘snoopers’ charter’, grants additional powers to law enforcement agencies to access communications data, updating and extending the current powers already granted under the Regulation of Investigatory Powers Act (RIPA).

What does the Bill cover?
When John first blogged on this (back in April), we had little detail on what the proposed bill might say. But as anticipated, the scope of the draft Bill has been widely drawn. Too widely drawn perhaps. Should the Bill be made law, businesses that ‘transmit communications’ will be required to hold records of all communications transmitted for a 1 year period. This will include the likes of telephone providers and internet service providers, but also other businesses involved in enabling and transmitting communications such as social media networks and webmail email systems.

The data that they will be required to store will include email addresses, telephone numbers, and websites visited – the headline information about the communication – but it will not extend to the content of the communication, so the law does not require that the content of a specific web pages visited or the content of an email are stored (although taking the “postcard” analogy, this may be the practical effect). These data records can then be released to law enforcement agencies and certain other public bodies.

Privacy concerns
In Theresa May’s introduction to the Bill she states that the Bill “strikes the right balance between protecting the public and safeguarding civil liberties”. This hasn’t been the public’s perception.

Privacy campaigners, human rights groups and the general public have all expressed concern that the Bill is too far-reaching in scope and intrusiveness, and threatens an individual’s right to freedom. In fact even the privacy impact assessment that was released with the Bill highlighted the risks to personal privacy that the suggested level of surveillance would pose.

In particular, critics cite the lack of independent judicial scrutiny of the authorisation process for public authorities gaining access to communications data, with authorisations instead approved by a senior officer within the authority.

Data security is also a key concern. If communication businesses are required to collect this data then it must be secured (and subsequently destroyed) in such a way that it complies with the Data Protection Act. In a statement issued in response to the Bill by the ICO (the organisation responsible for regulating data protection compliance) it implied that it does not have adequate powers or resources to monitor this increase in data retention requirements.

Cost of surveillance
Aside from the privacy implications of the Bill, there is also a considerable financial cost attached to the new Bill.

As with the current arrangements under RIPA and Data Retention Regulations, the Government is to reimburse the cost incurred by communications companies in storing and providing access to communications data. This has been estimated to cost a minimum of £1.8 billion over 10 years. This figure can be best described as conservative.

It doesn’t take into account inflation (both financial and in the volume of communications), the potential for an inevitable increase in the use of electronic communications nor the costs incurred in bolstering the ICO’s investigative and enforcement capabilities.

Recognising the need to strike the right balance between protecting the public and safeguarding civil liberties, the Government has submitted a draft bill for pre-legislative scrutiny by both Houses of Parliament, with a view to introducing the final bill to Parliament later this year. It will be interesting to see how much this Bill changes as it is debated in the public and parliamentary arenas before it becomes law.

Leigh Kirktpatrick

New guidance on cookies that are exempt from consent requirements

The Article 29 Working Party, a grouping of representatives from the various national privacy regulators in Europe, today published an opinion on the “essential cookies” exemption under the cookie law.

Opinions of the Article 29 Working Party have no legal effect, but do represent the joint thinking of the national regulators and in turn can often influence the future direction of European data protection law, and may assist organisations currently grappling with the cookie law.

The law
Under the revised law, the requirements in relation to consent do not apply to cookies that:

  • are used for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or
  • are strictly necessary in order for the provider of an information society service [essentially a website] explicitly requested by the subscriber or user to provide the service.
  • As readers will know from previous Techblog posts, neither the UK implementing regulations or the original directive give much further guidance on what falls within the “strictly necessary” category.

    Accordingly, the Working Party has published its opinion on what it thinks the law is. In addition to listing examples of cookies that are or are not essential (and therefore exempt from the consent requirement), the guidance also analyses factors such as whether the cookie is first and third party, and whether it is as session cookie or persistent. The opinion notes that fact a cookie is third party or persistent is not necessarily fatal to it being “essential” – for example, it may be appropriate for a cookie to persist for a reasonable period of time following the user leaving the website.

    Cookies that are essential
    The opinion lists the following types of cookies as potentially being exempt:

    • user input cookies – cookies used to keep track of a user’s input. For example, the completion of a multi-page form, or a shopping basket on an e-commerce website.
    • authentication cookies – cookies used to identify a use once he has logged in to a website. But cookies used to “remember me” to avoid the need to log in for future visits are not considered “essential.”
    • user-centric security cookies – for example cookies used to detect the number of failed log-ins to a service specifically requested by a user.
    • multimedia player session cookies – cookies used to store technical information (for example network speed, quality and buffering) needed to play video or audio content requested by the user. This might include Flash cookies.
    • load balancing session cookies used to manage server load balancing. This would fall within the first bullet above (the transmission of a communication).
    • UI customisation cookies – cookies used to remember preferences specifically set by a user (for example, language or display preferences set using a button or tick box) and not linked to other data such as the user’s username. The guidance is slightly contradictory here, but it appears to suggest that if the customisation applies longer than the session then he opinion states that consent is required, but this could be done by including a “uses cookies” message next to the button or tick box.
    • social media content sharing cookies – cookies used by social media plug-ins to identify users that are logged in to social media networks and which are used to enable them to share content using that social media network. These cookies should only persist for so long as the user is logged in or “close his browser” (it’s not clear how this equates with a user that asks the social media network to “remember me”), and the exemption will not apply where that cookie is dropped onto the device of a user who is not logged in.

    In each of these cases, the exemption is dependant upon cookie not persisting for longer than necessary and the cookie not also being used for other purposes.

    Cookies that are not essential
    The opinion also lists a number of cookies that, in the eyes of the Article 29 Working Party, are not essential:

    • social plug-in tracking cookies – cookies used to track the activity of logged in users of social networks (for example, for the purposes of targeted advertising, or analytics etc).
    • third party advertising – unsurprisingly, cookies used for third party advertising (that is, advertising served by a domain outside the website in question) are not considered essential. The Working Party is lobbying to ensure that all such cookies are included in the W3C.
    • first party analytics – the opinion confirms the Working Party’s view that first party Analytics cookies (for example, those used for Google Analytics) are not essential and therefore require consent.

    As I noted at the outset of this blog, the Working Party’s opinions have no legal standing, but some of the types of cookies listed as falling within the exemption, and the comments on assessing whether or not a cookie is likely to fall within the exemption should give web site operators some assistance when determining how to implement the changes necessary for their websites. As with the ICO’s recent updated guidance, it’s just a shame that this guidance wasn’t available in the run up to 26 May.


    Twitter: @BrodiesTechBlog feed

    Error: Twitter did not respond. Please wait a few minutes and refresh this page.

    June 2012
    M T W T F S S
    « May   Jul »
     123
    45678910
    11121314151617
    18192021222324
    252627282930  

    %d bloggers like this: