A legal problem with planting a cookie in another site's domain

Joel Harrison ukcrypto at chiark.greenend.org.uk
Wed, 16 Apr 2008 23:39:06 +0100 

I've just been reading through the Article 29 Working Party's Opinion
on search engines from earlier this month.

On p. 12, the WP states:

"Certain provisions of the ePrivacy Directive such as Article 5(3)
(cookies and spyware) and Article 13 (unsolicited communications) are
general provisions which are applicable not only to the electronic
communications services but also to any other services when those
techniques are used."

That's a pretty clear statement that the provisions dealing with
cookies are intended to apply to anyone who uses them, not only to
network operators.

Joel

On Mon, Apr 14, 2008 at 2:47 PM, Joel Harrison
<joeldharrison@googlemail.com> wrote:
> On 4/11/08, Roland Perry <lists@internetpolicyagency.com> wrote:
>
>
> > Oddly enough last year I helped persuade ICO that Bluespam was not (as they
>  > first thought) prohibited - so they changed their guidance. A bit of a blow
>  > for freedom, but the law is the law.
>
>  Impressive job.  That's a thorny debate in itself, but I don't want to
>  take this OT.
>
>
>  >
>  > That rested on a very similar area of interpretations.
>  >
>  > I'm not arguing in favour of infallibility, but I'd also hate everyone to be
>  > chasing a red herring. Which bit of ICO guidance contains this particular
>  > guidance - I find their website very difficult to speed-read.
>
>  Guidance on this bit of PECR is in para 2 of the following :
>
>  http://www.ico.gov.uk/upload/documents/library/privacy_and_electronic/detailed_specialist_guides/pecr_guidance_part2_1206.pdf
>
>  I'll say from the outset that there is no explicit statement here that
>  reg. 6 is not limited to network operators (or providers of electronic
>  communications services in the language of PECR).  However, there is
>  nothing in there to say that it is limited in this way (cf. para 1),
>  and one would expect the ICO guidance to mention it if it were,
>  because that is a massively significant limitation.  Plus, as I say,
>  my experience is that in practice the ICO (and also practitioners in
>  the field) do not take the view that reg. 6 is limited to network
>  operators.
>
>  In any event, I expect that a court would only hold that reg. 6 is
>  limited to network operators in the face of clear words to that
>  effect, and reg. 6 contains no such clear words.
>
>  Joel
>