Rethinking the wheel

Dear reader

Following the successful panel session at the London Book Fair this year on 'The 4 Cs' of successful publishing', I thought you might like to see my latest column in the 'Bookseller', published last week, in which I took a look into my personal crystal ball anbout the impact of digital on the trade. You can find it here (repro'd with the Bookseller's kind permission).

I'll be publishing a White Paper shortly which will expand on the ideas contained in my column, with some practical pointers. If you'd like a copy, please drop me an email at laurie@laurencekaye.com.

Have a good week

Laurie

From digital copyright to cookies

Dear colleague

With the rain-soaked but patriotic Jubilee bank holiday weekend fast receding into memory, I wanted to update you a couple of items of news and information.

 Digital Publishers Forum 27^th June (4-6pm) ‘Legal Issues’ update

With Hugh Jones, the Publisher Association’s Copyright Counsel, I’ll be giving our Annual Upate on hot legal issues for publishers, with a particular focus on digital. The event takes place at  Malet Place, Eng 1.02, University College London (UCL), London WC1, followed by a reception in the Arts Faculty Common Room G24, Foster Court.

Topics we’ll cover include:-

• What are the forces applying pressure for legal change that will impact on publishing? What’s their agenda, and where are the pressure points?
• What does the future hold for territoriality, and have ‘they’ got a point – or not?
• Update on other current issues, including Hargreaves DCE and the Linked Content Coalition, enforcement, the Defamation Bill, data protection regulation and Legal Deposit.

 I do hope you can join us. You’ll find registration details here.

 Cookies update– what should you be doing?

The short, practical answer is: you should have a compliance plan in place and underway, even if you may not able to demonstrate full compliance with the Regulations (The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, which came into force on 31/5/12.

The elements of a compliance plan are a cookie audit (what cookies does your site set and for what purpose?) > deciding your approach to the issue of consent (see below) > a clear and concise cookie policy > facility for users to make choices about cookies.  

So just to re-cap: the two core legal requirements for the collection of information via cookies are (1) the provision of information and (2) gaining consent. The Regulations provide that, with some limited exceptions, operators cannot use cookies unless they (i) provide subscribers or users or subscribers of terminal equipment (pc’s, tablets etc.) with “clear and comprehensive information about the purposes of the storage of, or access to that information; and (ii) that [the subscriber] has given his or her consent.”

There are numerous ways to provide clear and comprehensive information e.g. via a pop up box that links to a Cookie policy written in plain language. But there is continuing uncertainty about consent, especially in the light of the fact that most sites sete cookies as soon as a user visits a site and before he or she can give any form of consent. The Information Commissioner issued an updated Cookie Guidance at the end of May which you can find here

If you want to see how the Regulator approaches the issue, take a look at the Information Commissioner’s own website here that requires a user to give an explicit ‘opt-in’ consent by ticking the box in order to continue using the ICO site. Another approach, and one covered by the ICO’s guidance, is implied consent. In other words, some action(s) taken by the user in relation to the use of the site that impliedly indicate consent to the use of cookies.  Consent can be implied in a number of different ways. For example, when you access FT.com, you will see a pop-up notice, telling users about the “FT Cookie Policy.” FT.com. At the end of the notice it states that  “By closing this message, you consent to our use of cookies on this device in accordance with our cookie policy unless you have disabled them.”

As the ICO’s Guidance makes clear, consent can be inferred in a number of ways but it cannot be implied solely from the user’s continued use of the site.

The ICO point to “…the gap between the range and complexity of the practices employed to provide, maintain and improve online services and the level of understanding users have about those practices” and observes that “the key to the validity of implied consent in this context is the narrowing of this gap. The more it becomes second nature for users to appreciate that on most sites they visit certain things are more likely than not going to happen then the more it will become acceptable for their actions – setting their browser up in a particular way, using the site in a particular way – to be interpreted as an indication that they understand what is happening and, by extension, that they consent to cookies.”

Alongside the issue of consent is the facility for users to make choices about whether and the extent to which their device is used to store and read cookies and information to support those choices. Whether those choices are at browser level or site specific it must always be possible for the user to decline to accept cookies even if it means a site’s functionality is limited for the user as a result.

In conclusion, doing nothing isn’t an option. If you would like help in formulating and implementing a cookie compliance plan, please send an email to laurie@laurencekaye.com or to sherif@laurencekaye.com.

Enjoy the remainder of the week.

Regards,

Laurie Kaye