A legal problem with planting a cookie in another site's domain
Roland Perry
ukcrypto at chiark.greenend.org.uk
Fri, 11 Apr 2008 12:50:04 +0100
In article <005301c89b22$90918b70$e57ea8c0@Jinja>, James Firth
<james2@jfirth.net> writes
>The mention of the Electronic Privacy Directive brought one potential
>issue to my mind.
>
>Websites must notify users about their use of cookies, how their data
>is used and give users information or a mechanism to prevent use of
>cookies.
I'm not sure it's all websites (in practice very few do, anyway).
Someone who ought to know once told me that because of the way the
Directive (and hence Regs) were worded the provision only applied to
activities of Network Operators [1], and therefore only the websites of
such people (ie a small subset like "buy your ISP services here").
And there's an "operational" exemption very similar to that in RIPA:
(a) for the sole purpose of carrying out or facilitating the
transmission of a communication over an electronic
communications network; or
(b) where such storage or access is strictly necessary for the
provision of an information society service requested by the
subscriber or user.
NB. I am not commenting on whether Phorm might or might not qualify
under such exemptions; I haven't even begun to analyse that.
>Bob runs a website that does not use cookies. He either has no privacy
>policy, or one explaining that cookies are not used.
If Bob is running the website from a content-management platform (which
could well be overseas) he probably hasn't even heard of cookies, and
has no idea what cookies are being used. Is that also his fault (or
maybe this is a red herring if the provisions are as lame as I've been
told)?
[1] I have not yet identified the exact words which convey this meaning,
sorry.
--
Roland Perry