Posts Tagged ‘privacy’

ICO Cookie Monster Strikes Tomorrow

Friday, May 25th, 2012

May 25, 2012

On May 26, 2011, a new web privacy law came into effect in the United Kingdom (UK). The UK was first of the 27 European Union (EU) states to bring their laws in line with the directive intended to protect the privacy of individuals within the EU. With an understanding that there is work to be done and technical issues to resolve, the UK Government extended a one-year grace period for web sites to comply with the new regulations.

Well, the time as come! Effective tomorrow, the grace period is over and the Information Commissioners Office (ICO) will be authorized to impose fines of up to £500,000 — heavy!. In theory, all web sites that serve UK visitors would be subject to this legislation. In reality however, it will be very hard to pursue a case against companies with no legal presence in the EU.

While a few organizations may be looking to leverage web server locations as a scapegoat, it is the location of the legal entities that the enforcement agencies will be focused on– the web host locations won’t matter. There are many types of cookies and forms of consent, so the rules can get pretty complicated. So before you decide to cuddle with the cookie monster, consider that he can complicate your life and confine your business. For example, the legislation does not require consent for cookies to be used in situations defined as ‘strictly necessary’ — but what does that mean? As currently clarified, if a user has placed an order online, then it’s implied by the user’s initial request that permission be granted without further consent to interfere with the transaction. This is just one example of an exemption to the consent requirement, and there are likely to be many more as the battle continues. Very few precedents have been set, so it will be interesting to watch the progression in Europe — and to compare and contrast with the ‘Do Not Track’ agendas in the United States.

To further complicate the legislative implications, take a peek at the definition of “Consent” as noted in the Open letter on the UK implementation of Article 5(3) of the e-Privacy Directive on cookies: “Consent” is defined in the Data Protection Directive as “any freely given specific and informed indication of his wishes.” Note that there are no time constraints associated with this definition, and no specification that the consent must be “prior consent”. Therefore, it is possible that consent may be given after or during processing.

While a few of us may start to feel better about our online privacy, and I’d expect virtually none from the online marketing communities, this legislation has negative implications. The efforts required to acquire informed consent on the use of cookies are likely to be costly for web site owners and businesses. Non-compliant web site owners will have an advantage as well, because their users will not be faced with questions that interfere with their browsing and buying activities.

Is the EU agenda overkill? Why can’t we just rely on innovative solutions that work with our browsers, like Ghostery for instance, to give us better insight and control?

To learn more about online behavioral advertising using cookies, take a look at the video below from Christina Tsuei at The Wall Street Journal. This was created back in 2010, but still very relevant and helpful for understanding how cookies work.

LinkedIn Police Nabs Profile Perpetrator

Thursday, October 29th, 2009

As detective Adrian Monk obsessively states “here’s what happened”:

On October 22, 2009 Joe Pych, NextMark’s Founder was contacted via LinkedIn to let him know he had a new colleague. Surprisingly, it was a guy from the Netherlands who was claiming to be the owner of NextMark. There is only one NextMark, so it was pretty clear that a profile perpetrator was on the loose. (more…)

Facebook privacy? You can run, but you can’t hide

Wednesday, August 12th, 2009

Online tag

Tag – you're it! That's the game we used to play as kids, but it was conducted offline and had a 'two-way street' where the predator would instantly become the prey at each touch point. That's not the case with online tag – you can run, but you can't hide!

With online tag there are no list owner clearance approvals, just millions of individuals (with user IDs and passwords) who check boxes without ever having read the terms and conditions or a privacy policy. It's not just tagging you need to worry about. Just about anything can get posted, blogged or tweeted nowadays – and RSS feeds only help to power the distribution.

It's no wonder that, "I always feel that somebody's watchin' me, and I have no privacy." – Rockwell (1984)

Facebook privacy settings

Although there are several settings that Facebook users can adjust to manage privacy, they won't protect you from your misspent youth. According to All Facebook, "the best way to prevent embarrassing items from showing up on Facebook is to not make bad judgments in your personal life."

Well, I couldn't agree more – do you have a big eraser I can use to clean up my teen years? In the meantime, here are 10 privacy settings every Facebook user should know:

  1. Use Your Friend Lists
  2. Remove Yourself From Facebook Search Results
  3. Remove Yourself From Google
  4. Avoid the Infamous Photo/Video Tag Mistake
  5. Protect Your Albums
  6. Prevent Stories From Showing Up in Your Friends’ News Feeds
  7. Protect Against Published Application Stories
  8. Make Your Contact Information Private
  9. Avoid Embarrassing Wall Posts
  10. Keep Your Friendships Private

Keep in mind, that although Facebook is currently the most popular social network service it is not the only online social utility. There are hundreds of frequently visited sites on the web that allow your friends and your enemies to share information about you, both visually and textually, but not necessarily in context.

Respect from direct mail service providers

Fortunately, direct mail is less concerning because there are many controls in place to guard against the improper use of mailing lists. Direct marketing services providers work together and share information about unethical mailers to prevent scams on the front-end of the process. There are clearance approvals and list rental agreements that are required, and most lists are seeded to ensure compliance. In addition to these and other controls, the members of the Direct Marketing Association (DMA) abide by a Privacy Promise and a Code of Ethics.

The DMA has also made it easier for consumers to manage their incoming mail and email preferences by registering for the mail preference service at ''. The site also includes links to the forms needed to stop mail from being sent to deceased individuals or to manage mail sent to a dependent living in your care.

Media channels are good

It's not that direct mail is good and social media is evil. Media channels are not the source of the problem — it's human nature out of control that will lead to chaos. Treat others online the way you would like to be treated and we'll all be better off.