Privacy on the net

Home

Members

Services

News & Info

Entertainment

Help

Content Starts Here

Privacy on the net

Introduction

The business advantage of the Internet is its ability to provide large quantities of data to any number of locations virtually anywhere in the world. However, this often involves handling personal information about individuals, be they employees, customers or target clients. Any business must be aware of its legal obligations to individuals regarding the use of personal data.

Data protection

The data protection legislation in the UK is based on an individual's right not to have personal data held relating to him or her disclosed to third parties.

The thrust of the legislation is that individuals must be informed about information obtained concerning them and in many circumstances their consent must be obtained before any information is used. In addition, the Data Protection Act 1998 ("DPA") contains data management requirements.

The DPA will directly affect e-business and how it handles and processes information about individuals.

Trading in data

The disposal and acquisition of customer lists and data will inevitably grow in importance as companies seek to sell this information as part of their assets. It is therefore important to ensure that consent by the data subjects is received by incorporating a suitable policy into a company's website.

Cookies

Cookies enable website operators to build up a profile of its users including their IP address and surfing history. Such information might be considered anonymous since it does not usually identify individuals. Use of cookies under the DPA has been unclear and it has been the common view that retrieval of data through a cookie that is not linked to other personal information e.g. user's name or e-mail address, will not fall within the scope of the DPA, because of the anonymous nature of the data.

However the Information Commissioner has indicated that in her view the use of cookies may fall within the scope of the DPA.

On 7 December 2001, the Council of Telecommunications Ministers amended the recommendations of the European Parliament on the proposed directive concerning the processing of personal data and the protection of privacy in the electronic communications sector (known as the Telecommunications Data Protection Directive), to allow for the use of cookies without the need for prior user consent, on the condition that the website operator provides clear and precise prior information on their use to the user. The website operator should also give users the opportunity to refuse to have a cookie stored on their computer.

Privacy policies

In the UK a privacy policy incorporated onto a website serves two functions. The first is to facilitate the e?business in fulfilling its legal obligations under the DPA. The second and overriding objective is to install confidence in the user that information will not be disclosed to any third parties, and this objective is common to both jurisdictions.

Privacy policies should be incorporated onto a company's website where they collect personally identifiable information to enable it to comply with the obligations under the DPA and also to instil confidence in users of the company's website.

This document reflects the law and practice as at May 2002. It is general in nature, and does not purport in any way to be comprehensive or a substitute for specialist legal advice in individual circumstances.

Download a copy of the full guidelines in PDF format