ComputerWeekly reports on the European Commission Citizens Rights Directive's rules for data security and breach disclosure. "These new rules focus in particular on the dropping of cookies onto our equipment," the report states. "This will only be lawful if the service provider has the subscriber or user's consent." The report points out that the benchmark for consent to be considered valid is that it "must be freely given, specific and informed." The EU's Article 29 Working Party issued an opinion earlier this year on the issue of cookies and consent, noting that default browser settings, bulk consents, Web user inactivity or the use of opt-outs will not meet the consent requirement.
If you want to comment on this post, you need to login.