Technical

Recommendations for complying with the e-privacy directive

Follow

Background

As of 26th May 2012, the EU e-privacy Directive requesting end user consent to store cookies will become law. This law was implemented in the EU last May 2011 however the Information Commissioners Office (ICO) allowed UK companies a years grace to understand and apply the changes required.

This law requires the user to actively consent to the use of certain cookies on each website the first time they visit it on their equipment. Exactly how this is to be implemented is at present vague and left to each company to decide themselves. All the new law does insist on is that, if certain cookies are used, each user of a machine / terminal is:

'a) provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

  1. b) has given his or her consent.'*

What should you do to ensure Asset Bank complies with the new law?

There is only one cookie that is essential for Asset Bank to function, which is a session cookie used to maintain a user's session. Any other cookies it uses are used for optional functionality that can be 'turned off' if you require to minimise cookie use. See details of cookies used by Asset Bank

This session cookie is likely to be except from the 'right to refuse a cookie':

The Regulations specify that service providers should not have to provide the information and obtain consent where that device is to be used:

  • for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or
  • where such storage or access is strictly necessary to provide an information society service requested by the subscriber or user. *

* all quotes in italics taken from the ICO website. See the Cookies Regulations and the New EU Cookie Law on the ICO's website for more about the EU e-privacy Directive.

Therefore, if your Asset Bank is configured such that only this session cookie is used you may not need to take any action.

However, if you make use of optional functionality that uses cookies, or you want to be explicit even about the use of the session cookie, below are some suggestions for how to change your Asset Bank to make the user aware of its use of cookies and, if you require it, to obtain their consent.

Note: if you use Google Analytics to monitor use of your Asset Bank (or any other reporting tool that uses cookies, i.e. probably all of them) then we recommend you mention this in the copy you add to the login page, and we recommend showing the checkbox (mentioned below) enabling users to explicitly give their consent. This is because, unlike the session cookie used to maintain a user's session, Google Analytics is not essential to Asset Bank's operation and it does track user activity.

Suggested Changes

We are not suggesting that all of our clients need to implement all, or even any, of these changes. These are suggestions for relatively simple changes you can make to Asset Bank if you decide you want or need to.

Add copy to the 'Login' page

You can change the copy that is shown on the login page as follows:

  • Go to Admin->Content
  • Click 'edit' next to the 'Page Copy' item.
  • Find the item 'Login page copy' in the list.
  • Click 'edit' and change the copy. For example, you could add a paragraph as follows:

Asset Bank may store cookies on your computer - by logging in you give your consent for this. View details of cookies used by Asset Bank

Ask the user explicitly to tick to give their consent

Asset Bank can be configured to show a checkbox on the login page. If the user does not check this checkbox then they cannot login. By default this is used to check that they have read the site's Terms & Conditions. However, you can change the text of this checkbox either to also include their permission to store cookies or just to say this.

If your Asset Bank does not already show this checkbox on the login page you can turn it on by changing the following setting in Asset Bank's ApplicationSettings.properties file:

showConditionsOnLogin=true

After a Tomcat restart, the checkbox will be shown with the default text.

To change the text shown to the right of this checkbox:

  • Go to Admin > Content
  • Click 'edit' next to the 'Labels' item.
  • Find the item 'Label - Agree to terms' in the list.
  • Click 'edit' and change the copy. For example, you could change it to:

I agree to comply with the Terms and Conditions of Asset Bank and I give my consent for it to store cookies on my computer

OR, just:

I give my consent for Asset Bank to store cookies on my computer.

Note: if you are on a version of Asset Bank prior to version 3.1221.8 you will need an upgrade before you can edit the copy used in this checkbox label.

To change the text of the error message that appears if a user fails to check the checkbox:

  • Go to Admin > Content
  • Click edit next to System Messages
  • Find the item 'failedValidationConditions' and click 'edit to change the copy to something more appropriate (e.g. 'Please indicate you give consent for Asset Bank to store cookies on your computer').

Add copy to the home page

If your Asset Bank does not require users to view the login page, for example if it is available to the public or it uses Single Sign-on (SSO) then you may want to change the 'welcome' text on the home page to include information about the use of cookies. To change this text:

  • Go to Admin-> Content
  • Click 'edit' next to the 'Page Copy' item.
  • Find the item 'Home page Welcome text' in the list.
  • Click 'edit' and change the copy. For example, you could change it to:

Asset Bank may store cookies on your computer - by using this site you give your consent for this. View details of cookies used by Asset Bank

Change your 'Privacy Policy' link and page copy

Asset Bank contains a link called 'Privacy Policy' in its footer. You can change the name of this link as follows:

  • Go to Admin-> Content
  • Click 'edit' next to the 'Page Copy' item.
  • Find the item 'Footer copy' in the list.
  • Click 'edit' and change the name of the 'Privacy Policy'. For example, you could change it to: 'Privacy and Cookie Policy'

To change the copy of the Privacy Policy page, for example:

  • Go to Admin-> Content
  • Click 'edit' next to the 'Page Copy' item.
  • Find the item 'Privacy Policy' in the list.
  • Click 'edit' and change the copy, for example to contain a link to details of cookies used by Asset Bank

If you use the 'Remember me?' functionality:

We suggest changing the label of this check box to something like "Login automatically next time? (This will use a cookie to remember you next time you visit).

Comments

0 comments

Please sign in to leave a comment.