The issue of cookies and the law has arisen again with the ICO publishing some guidelines on the rules on use of cookies and similar technologies just yesterday – http://t.co/kvNH1QME. The report is ready and waiting to be read in detail but I thought I’d share with you the process that we are going through here at Bradford and offer to facilitate some sector development and learnings around this subject – seeing as we will all ultimately have to do the same thing in terms of renew, or write, a Privacy Policy.
I mentioned back in May that we had revised our Privacy Policy following an audit of cookies back then. Since then, the committee wheels have been churning away and discussions on this topic have been had at our ‘Information Infrastructure, Access and Security’ committee (it’s as interesting as it sounds!). The institution is taking the topic seriously and our Legal team are involved in any new iterations of the privacy policy that we do.
Having re-read some information around cookies and the new legislation, and begun conversations with colleagues across the institution, I think we actually need to revisit some of the original audit work that we did. Our redrafted policy states:
“We use a cookie to remember colour preferences on the website, which can be set so that it is easier to read for people with visual impairments.
“We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.”
I have a feeling that this may not go far enough and that we need to revisit our audit and check, according to the Guidelines, that we have included all the appropriate technologies and systems and any third party content that we may include on our website – e.g. YouTube videos.
We had also planned to put a link to the Privacy Policy in our footer with all of the other small print that no-one reads, but we now realise that a more prominent link is required “displaying a prominent link to ‘more information about how our website works and cookies’ at the top of the page rather than through a privacy policy in the small print” is recommended.
Our site(s) are also more sprawling than we would like and we have set out that the policy covers www.bradford.ac.uk. However, as with most older instituions we’re not totally aware of ALL websites under www.bradford.ac.uk and the audit won’t have gleaned a full response from our web community. More investigative work is needed here to ensure we are aware of all cookies and technologies that are making use of them. We know what is in our managed CMS but there is more content our there that we need to probe further.
A sector spreadsheet
It seems to me that we will be looking at the same/similar areas, and so a Google spreadsheet may be useful for us to store our info so we can share and learn from each other?
- Institution name
- Audit done
- Types of cookies used
- Technologies used
- Where consent is needed
- Any other comments
- Link to published or draft policy
Am happy to set this up. Would people share their thoughts, ideas, and drafts? There is also a Google doc that you can use to pop thoughts – if you would like to contribute let me know and I will give you access: https://docs.google.com/document/d/1NvSWeTXA5Upy2wD8EWwwLwuKEoaSLoTzodGCkhY555U/edit?hl=en_US&pli=1
And I will pop our draft policy somewhere useful for people.
Cheers
Claire