全面解读： cookies使用与隐私法规指导

需积分: 9 56 浏览量更新于2024-07-26 收藏 392KB PDF 举报

本文档提供关于《饼干指南》（Cookies Guidance）的详细信息，重点关注根据2003年《隐私与电子通信指令》（Privacy and Electronic Communications Directive Regulations, ECDR）对 cookies 和类似技术使用的法律规则。主要内容分为以下几个部分： 1. **介绍**：文档首先明确了这些法规适用于通过用户的计算机或移动设备存储和访问信息的cookies和相似技术。 2. **背景**：讲述了制定这些指导原则的背景，可能是由于用户隐私保护意识增强，以及随着技术的发展，cookies在商业和广告领域的广泛应用。 3. **消费者对cookies的认识**：强调了提高消费者对cookies功能、目的和影响的理解的重要性。 4. **术语与定义**： - **Cookies**: 定义为小型数据文件，用于跟踪用户行为、存储个人信息。 - **用户与订阅者**: 指使用或接收cookies服务的人。 - **终端设备**: 包括电脑、手机等用户接触信息的设备。 5. **同意机制**： - **事先同意**：指在使用cookies前必须得到用户的明确许可。 - **默示同意**：可能基于用户的在线行为而默认接受，但需确保用户可以随时撤销。 - **用户或订阅者的同意**：明确指出如何获取并记录用户的同意。 6. **法律规定**：概述了在使用cookies时必须遵守的具体法律条款和条件。 7. **豁免同意的情况**：列举了一些情况下，如必需功能、匿名分析或用户已表示接受的例外情况。 8. **合规责任**：企业应确保遵守规定，对违反法规的行为承担责任。 9. **浏览器设置**：用户如何管理自己的cookies设置，以控制个人信息的处理。 10. **合规实践建议**： - **初始步骤**：如何开始实施cookies策略，如政策制定和培训。 - **进行cookies审计**：定期审查以确保合规性。 - **提供信息**：清晰地向用户传达关于cookies的使用信息。 - **实践中的获取同意**：提供易于理解的同意流程。 - **cookies的替代方案**：探讨其他技术来满足需求，减少对cookies的依赖。 - **cookies与个人数据**：明确cookies收集、存储和使用的个人数据类型及保护措施。 11. **分阶段实施**：对于大型组织，可能推荐逐步引入和优化cookie策略。 12. **执行与处罚**：强调法规执行力度，违反规定的后果可能包括罚款和声誉损害。 13. **常见问题解答**：为读者提供关于cookies和法规问题的答案，帮助理解和解决实施过程中的疑问。本文是为那些需要遵循ECDR法规的企业和网站管理员提供的一份全面指南，旨在确保他们在使用cookies和其他类似技术时，尊重用户隐私，同时满足法律要求。

remembering what a user has put in their shopping basket as they browse

around a site. They could also be used for security when a user is

accessing internet banking or to facilitate use of webmail. These session

cookies expire after a browser session so would not be stored longer term.

For this reason session cookies may sometimes be considered less privacy

intrusive than persistent cookies.

 Persistent cookies – are stored on a users’ device in between browser

sessions which allows the preferences or actions of the user across a site

(or in some cases across different websites) to be remembered. Persistent

cookies may be used for a variety of purposes including remembering

users’ preferences and choices when using a site or to target advertising.

 First and third party cookies – Whether a cookie is ‘first’ or ‘third’ party

refers to the website or domain placing the cookie. First party cookies in

basic terms are cookies set by a website visited by the user - the website

displayed in the URL window. Third party cookies are cookies that are set

by a domain other than the one being visited by the user. If a user visits a

website and a separate company sets a cookie through that website this

would be a third party cookie.

Subscriber

This means a person who is a party to a contract with a provider of public

electronic communications services for the supply of such services. In this

context the person who pays the bill for the internet connection (that is, the

person legally responsible for the charges)

User

This means any individual using a public electronic communications service. In

this context a user would be the person sat at a computer or using a mobile

device to browse the internet.

Terminal equipment

The device a cookie is placed on – usually a computer or mobile device

Consent

The Regulations require that users or subscribers consent. Directive 95/46/EC

(the Data Protection Directive on which the UK Data Protection Act 1998 (the

DPA) is based) defines ‘the data subject’s consent’ as:

‘any freely given specific and informed indication of his wishes by which the data

subject signifies his agreement to personal data relating to him being

processed’.

Consent must involve some form of communication where the individual

knowingly indicates their acceptance. This may involve clicking an icon, sending

5

V.3May2012

an email or subscribing to a service. The crucial consideration is that the

individual must fully understand that by the action in question they will be giving

consent.

‘Prior’ consent

It has been suggested that the fact the Regulations do not specifically refer to

‘prior’ consent suggests that consent can be obtained after the activity consent

is needed for has occurred (in this instance after the cookie has been set).

It is difficult to see that a good argument could be made that agreement to an

action could be obtained after the activity the agreement is needed for has

already occurred. This is not the generally accepted way in which consent works

in other areas, and is not what users will expect. Setting cookies before users

have had the opportunity to look at the information provided about cookies, and

make a choice about those cookies, is likely to lead to compliance problems. The

Information Commissioner does however recognise that currently many websites

set cookies as soon as a user accesses the site. This makes obtaining consent

before the cookie is set difficult. Wherever possible the setting of cookies should

be delayed until users have had the opportunity to understand what cookies are

being used and make their choice. Where this is not possible at present websites

should be able to demonstrate that they are doing as much as possible to reduce

the amount of time before the user receives information about cookies and is

provided with options. A key point here is ensuring that the information you

provide is not just clear and comprehensive but also readily available.

You should also consider whether users who might make a one-off visit to your

site would have a persistent cookie set on their device. If this is the case, you

could mitigate any risk that they would object to this by shortening the lifespan

of these cookies or, where possible given the purpose for using them, making

them session cookies.

Implied consent as a basis for compliance with the Privacy and

Electronic Communications Regulations.

Much of the debate around the so-called “consent for cookies” rule has focussed

on the nature of the consent required for compliance. Implied consent has

always been a reasonable proposition in the context of data protection law and

privacy regulation and it remains so in the context of storage of information or

access to information using cookies and similar devices. While explicit consent

might allow for regulatory certainty and might be the most appropriate way to

comply in some circumstances this does not mean that implied consent cannot

be compliant. Website operators need to remember that where their activities

result in the collection of sensitive personal data such as information about an

identifiable individual’s health then data protection law might require them to

obtain explicit consent.

Early reporting on the new rule led some to believe that an explicit, opt-in style

consent would be required for every cookie each time it was set. The

6

V.3May2012

剩余30页未读，继续阅读

zhangfangrui

粉丝: 3
资源: 13

全面解读： cookies使用与隐私法规指导

cookie说明

关于cookie

cookies基础资料

mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1049 (42000): Unknown database 'parking_guidance'

e_t_uncond 和 unconditional_guidance_scale 概念

clip_guidance_preset这个参数什么意思

写一段导弹打击目标的matlab代码，模拟各个阶段的轨迹

用matlab写比例导引的代码

写一个比例导引法的程序

最新资源