12 Apr 2002
Lawsuits against online advertising bureau DoubleClick in the US should serve as a timely reminder of the regulations for the collection of personal data in the UK, according to experts.
DoubleClick agreed a settlement last week under which it will pay legal costs of $1.8m and make changes to its business practices. The company agreed to improve its online privacy policy, offer users an opt-in choice, educate consumers about their rights and ensure that data is used in a manner consistent with these rights.
The company will also purge data it is already holding and limit the life span of its ad-tracking cookies to five years.
Amanda Chandler, data protection officer at DoubleClick, maintained that the problem was caused by unclear laws. "We do not know if our cookies represent personal data [in terms of privacy laws]," she said, adding that firms should set up a clear privacy policy if they use DoubleClick's technology.
Data Protection Act
Jon Fell, a lawyer at Masons, said that in the UK the privacy rights of internet users are spelled out in the Data Protection Act. This legislation stipulates that companies "should not collect personal data without consent".
David Smith, the government's assistant Information Commissioner, began warning companies of their responsibilities in 2000. He said that, according to the Data Protection Act, cookies that track browsing habits and develop profiles which make users identifiable must comply with data protection standards.
He added that the Information Commission would want to know if firms were breaching this law.
In January of this year the Commission launched a study into the practices of websites. Although no results have yet been published, Ian Bourne, strategic policy manager at the Commission, said it is concerned about the way that some organisations collect data.
Defining personal information
He explained that for many sites there is "a transparency problem" but added that to improve matters firms need a clearer definition of what constitutes personal information. A definition is likely to appear in the Commission's guidelines for compliance with the law, which are currently being developed.
Fell advised companies wishing to exploit cookies to analyse shopping or browsing behaviour to inform users before data is gathered. "You must give clear notice if you are going to collect data and use it," he commented.
However, in respect of online advertisements Fell argued that users give their consent just by clicking. "You do not have to click on the ad," he pointed out.
Have your say on this article
Newsletters
Latest stories from Ecommerce
You may also like
Ecommerce jobs
Technology Patent Wars
Staff are increasingly using their personal devices for work. Productivity may increase as a result, but the trend brings with it security risks
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
