BIS Consults on Data Breaches and Cookies

September 22, 2010

As part of a larger consultation on implementing the revised EU Electronic Communications Framework, the BIS is consulting on the implementation into UK law of changes to the revised E-Privacy Directive (2002/58/EC).

The closing date for the consultation is 3 December 2010. The changes to the Framework must be implemented in the UK by May 2011.

The amended E-Privacy Directive introduces :

· a duty on providers of electronic communications services to notify data breaches to the Information Commissioner’s Office;

· a requirement for ‘effective, proportionate and dissuasive’ penalties for any infringement of the Directive’s provisions;

· a change in the requirement for storing information (cookies) on a subscriber’s or user’s equipment from a ‘right to refuse’ to obtaining consent..?

See the article from Marly Didizian and Peter Church on the cookies element.

The full consultation document is here