The theme of this week’s conference of the Forum of Incident Response and Security Teams (FIRST) is “Sharing to Win”. Perhaps inevitably, I’ve had a number of people (and not just Europeans) tell me that privacy law prevents them sharing information that would help others detect and recover from computer security incidents. If that’s right, […]
Tag: ePrivacy Directive
Posts about the ePrivacy Directive, originally (2002) regulating the activities of public networks; then amended in 2009 to regulate cookies. Most of this was rolled into the 2016 GDPR, but in 2017 a replacement ePrivacy Regulation was proposed which is still being debated in 2021…
Can Internet Stability be Regulated?
A wide-ranging panel discussion at the TERENA Networking Conference considered the stability of the Internet routing system at all levels from technology to regulation. The conclusion seemed to be that at the moment the Internet is stable because two systems, technical and human, compensate effectively for each other’s failings. While improvements to increase stability may […]
Privacy, Regulation and Innovation
Robin Wilton of the Internet Society gave a talk at the TERENA Networking Conference on the interaction between privacy, regulation, and innovation. It’s a commonly heard claim that regulation stifles innovation; yet the evidence of premium rate phone fraud and other more or less criminal activities suggests that regulation can, in fact, stimulate innovation, though […]
ICC Cookie Guide updates
The International Chamber of Commerce has published a revised version of its Cookie Guide, reflecting the new information that has been produced by the Information Commissioner and Article 29 Working Party since the original version last April. There are relatively few changes to the existing text, in particular the four ICC categories of cookie remain […]
The e-Privacy Directive’s provisions on cookies exempt two classes of cookies from the requirement to gain consent (though if they relate to individual users, websites still need to inform users about them, under data protection law): CRITERION A: the cookie is used “for the sole purpose of carrying out the transmission of a communication over […]
New CAP rules on behavioural advertising
The Committee on Advertising Practice (CAP) has announced new rules on online behavioural advertising. UK advertisers will be expected to comply with these rules from 4th February 2013. Unlike the much-discussed cookie law, the CAP rules are technology neutral, concentrating instead on the actions involved in providing on-line adverts that are targeted to individuals’ patterns […]
Legal issues in dealing with Botnets
An interesting paper from ENISA and the NATO Cyberdefence Centre illustrates the narrow space that the law allows for incident response, and the importance of ensuring that new laws don’t prevent incident response teams from protecting networks, systems, their users and information against attack. By comparing the details of German and Estonian law, the report […]
ENISA on cyber incident reporting
ENISA have published an interesting report on cyber incident reporting. Their scope is wide – incidents range from the failure of a certificate agency to storms creating widespread power (and therefore connectivity) outages. In each of these areas they find a common pattern, where governments are trying to encourage (or mandate) notification of incidents in […]
ICC Cookie Guide
The International Chamber of Commerce has published a Guide to cookies to help businesses comply with the legislation and individuals understand what is being done with their data. Rather than concentrating on the legal issues, the guide aims to develop a common terminology for different types of cookie use, which should help to increase users’ […]
Shiny New Legislation
I was recently struck by just how new most of the legislation creating duties for operators of electronic communications networks is. Compared to the Computer Misuse Act, which has only had one amendment since 1990, these laws seem to be changing a lot faster: Data Retention (EC Directive) Regulations 2009 – with a significant update […]