The annual report of the Internet Watch Foundation was published yesterday. The highlight is news that through closer collaboration with hotlines and Internet industries in other countries, the average time for removal of an illegal indecent image of a child from the Internet has dropped from over a month to twelve days. That is the average world-wide: in the UK such images are removed in hours.
Cookie Law Update
By Andrew Cormack
13 June 2012, 12.30-13.30
In 2009 an apparently minor amendment was made to European telecoms privacy law that turns out to have significant implications for websites using cookies as well as other technologies such as e-mail tracking.
The change became UK law in 2011 and will be enforced by the Information Commissioner from May 2012.
Discuss what organisations can do to work towards compliance
Discuss some examples of how others have responded to the law
I was recently struck by just how new most of the legislation creating duties for operators of electronic communications network is. Compared to the Computer Misuse Act, which has only had one amendment since 1990, these laws seem to be changing a lot faster:
Cambridge University gave a report at Networkshop on their work with Google to make outsourcing of staff and student calendars compliant with UK data protection law. This was achieved through a combination of individual contract terms, obtaining assurances about Google’s security processes, and design of the local Cambridge infrastructure.
The Regulation of Investigatory Powers (Monetary Penalties and Consents for Interceptions) Regulations 2011 are now in force. These make two changes to the Regulation of Investigatory Powers Act 2000:
The Privacy and Electronic Communications (EC Directive)(Amendment) Regulations 2011 have now been published, amending the previous Privacy and Electronic Communications (EC Directive) Regulations 2003 as required by the new EC Telecommunications Directives.
Last year's Digital Economy Act 2010 created a power (s.17) for a court to order a service provider to prevent access to a "location on the Internet" if that location was being used, or likely to be used, to infringe copyright. That power has not been brought into force and last January Ofcom were asked to report to the Government on whether such blocking could be effective. In the past week there have been two, apparently contradictory, developments.
Many of the problems in applying European Data Protection Law on-line arise from uncertainty over whether the law covers labels that allow an individual to be recognised (i.e. "same person as last time") but not - unless you are the issuer of the label - identified (i.e. "Andrew again").