Earlier this year the European Community revised its regulatory framework for telecommunications networks, so the UK Government is now consulting on how to implement those changes in UK law. Although most of the changes are not relevant to JANET as a private network, I have responded in three areas:
- Data breach notification, where the UK seems to be treating notification as a punishment – something I’ve considered for a while would set up a very unhelpful incentive to conceal problems rather than help people recover from them;
- Cookies, where the UK seem to have come up with a pragmatic interpretation of what appears to be at best confusing and at worst unenforcible European drafting. Rather than websites having to seek explicit prior consent for all cookies, as some have interpreted the EC wording, the UK is now proposing that provided users are informed about the need to set cookie preferences, and enabled to do so, then sites can assume that if a user’s browser will accept a cookie then the consent requirement of EC law will be satisfied;
- Spam, where the UK Government don’t seem to have noticed that the EC have fixed an eight year old loophole that makes legal protection against spam less effective than it could be. This change is particularly important for universities, colleges and other organisations where a large number of users share a single internet connection. I’ve been pointing out the problem to BIS and its predecessor departments for years so have now encouraged them to make the same correction to UK law.