French DPA Issues Guidance for Cookie Disclosures: Specific Consents Required for Specific Cookie Functions

In 2009, a French ordinance was put in place pursuant to the EU e-Privacy Directive (2009/136/EC), requiring online businesses and other websites to obtain prior user consent for the placement of cookies on users’ computers.   The prior consent issue has been a contentious one in Europe recently, with the Article 29 Working Party rejecting proposals from the IAB for streamlining the consent process.  On November 2, the CNIL (the French DPA) published a Guidance which spells out what it means to obtain prior consent for cookies under French law.  The CNIL observed that while web browser setting could be one way to obtain consent for the various uses of cookies, browsers have not yet evolved to provide sufficient granularity of choice.  Therefore, the CNIL has said that consent must be specific – must refer to specific processing for a defined purpose.

Notably, the CNIL Guidance says:

Violation of the French law on cookie consent can result in a fine of €300,000 but apparently the CNIL is willing to give some websites time to implement the requirements of the law as interpreted by the Guidance.

The Guidance is available here.

 

Nov. 8, 2011 – Privacy Regulators Disagree on Approach to Regulations, Huffington Post

Data and privacy regulators from governments around the world met in Mexico City last week for the 33rd International Conference of Data Protection and Privacy Commissioners. As you might expect, they were joined by companies anxious to be part of the conversation, along with people from nonprofits that focus on privacy issues.

FPF Advisory Board Member Professor Danielle Citron Comments on Study Showing Parents Facilitating Facebook Use for Kids Under 13

FPF Advisory Board Member Danielle Citron, the Lois K. Macht Research Professor of Law at the University of Maryland School of Law comments in Concurring Opinions on a study released this week by Danah Boyd, Eszter Hargittai, Jason Schultz, and John Palfrey  that Professor Citron says “sheds new light on COPPA’s failings” and underscores the need for universal privacy protections for all users rather than age or demographic-based protections.   She explains:

“Given the current regulatory attention to COPPA, the study could not be more timely or more important.  The authors surveyed a national sample of 1,007 parents and guardians who have children ages 10-14 living with them.  They found that although many sites restrict access to children, many parents knowingly allow their children to lie about their age–indeed, they often help them do so– to gain access to age-restricted sties in violation of the sites’ ToS.  This is true for some of the most popular social media sites and services, such as Facebook, Gmail, and Skype.”

Professor Citron then asks “What does all of this tell us?”   She believes that “[r]ather than providing parents and children with greater options for controlling the use of youth’s personal information, COPPA has actually encouraged the adoption of formal limits on children’s access to online services.  Those limits are rather meaningless, though.”

 

The entire piece by Professor Citron can be found here

Nov. 5, 2011 – Magid: Regulators disagree about approach to online-privacy rules, Mercury News

Data and privacy regulators from governments around the world met in Mexico City last week for the 33rd International Conference of Data Protection and Privacy Commissioners. As you might expect, they were joined by companies anxious to be part of the conversation, along with people from nonprofits that focus on privacy issues.

Nov. 2, 2011 – New Google ‘Transparency’ Feature Aims to Reduce Ad-Targeting Creepiness, Wired News

Data and privacy regulators from governments around the world met in Mexico City last week for the 33rd International Conference of Data Protection and Privacy Commissioners. As you might expect, they were joined by companies anxious to be part of the conversation, along with people from nonprofits that focus on privacy issues.

Google To De-Mystify Ad-Targeting

Wired quoted FPF’s Jules Polonetsky today in an article on Google’s new program called “Why These Ads.” Google announced the new feature to help consumers understand why they receive certain ads. To see the full article and read Jules’ quotes, please click here.

New Study Reveals Unintended Consequences of COPPA

In an effort to comply with the Children’s Online Privacy Protection Act (COPPA), an act that requires parental consent for the online collection of information about children under 13, most social networking sites simply ban children under 13 from using their service. A peer-reviewed study released today, “Why Parents Help Their Children Lie to Facebook About Age: Unintended Consequences of the ‘Children’s Online Privacy Protection Act‘” revealed that “many parents knowingly allow their children to lie about their age — in fact, often help them to do so — in order to gain access to age–restricted sites in violation of those sites’ ToS [Terms of Service].” Read more about the study here.

Research Released on Usability of Internet Privacy Tools

Researchers at Carnegie Mellon University released a study today titled, “Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising.”  ”All nine of the tools we tested have serious usability flaws,” said Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory (CUPS). Read the full press release here.

A Timely Post on Privacy from Visa Privacy Lead Russell Schrader

Visa’s Chief Privacy Officer, Russell Schrader, writes about Visa’s approach to consumer privacy and why their customers’ privacy is one of their top concerns. Click here for the full post.

Microsoft Measures Consumer Online Safety Awareness

Congresswoman Marsha Blackburn (R-TN), a guest speaker at the Microsoft Digital Citizen event, applauded Microsoft’s efforts to quantify consumer perceptions of Internet safety, security, and privacy; while cautioning prescriptive interventions.  “Congress needs to adopt the philosophy of first do no harm, but only once you have a defined harm,” said Congresswoman Marsha Blackburn (R-TN). “We don’t know what consumers’ true expectations are going to be in a year from now, except to say that it is evolving.”

Microsoft’s Trustworthy Computing Group, which is focused on educating consumers about safe Web use, released its first annual Microsoft Computing Safety Index, at the event, revealing that consumers are taking steps to protect themselves, but there is room for growth.  Key findings:

 

 

“I look at the index [survey results] as a report card” and “I hope the index can serve as a baseline for measurement,” said Jacqueline Beauchere, Director of Trustworthy Computing at Microsoft.  Microsoft has created an abbreviated version of its index survey, which can be taken at www.microsoft.com/security/mcsi.