Cable Forum - View Single Post - Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

popper · 18-04-2008, 07:32

for easyer search reference later...pecr_guidance
http://www.ico.gov.uk/upload/documen...part2_1206.pdf

"
There may be different interpretations of the requirement that the user or subscriber should be 'given the opportunity to refuse' the use of the cookie type device. At the very least, however, the user or subscriber should be given a clear choice as to whether or not they wish to allow a service provider to continue to store information on the terminal in question. "

"
The fact that an 'opportunity to refuse' such storage or access must be provided imposes a greater obligation on the relevant party than simply making refusal a possibility.

The mechanism by which a subscriber or user may exercise their right to refuse continued storage should be prominent, intelligible and readily available to all, not just the most computer literate or technically aware.

Where the relevant information is included in a privacy policy, for example, the policy should be clearly signposted at least on those pages where a user may enter a website.

The relevant information should appear in the policy in a way that is suitably prominent and accessible and it should be worded so that all users and subscribers are able to easily understand and act upon it. "

"

3.2 Purposes for processing
Traffic data may be processed only for the restricted purposes outlined in the Regulations.
• To provide value added services to the subscriber or user
A value added service means any service which requires the processing of traffic data or location data beyond that which is necessary to transmit a communication or the billing of that communication. For example, a service which locates the driver of a broken-down vehicle. There is no restriction on the type of service that can be provided but such processing may only take place with the prior consent of the subscriber or user. "

hence the value added webwise anti phishing value added service requirement to allow for the extra processing permission Obviously they require in the act... it doesnt have to be great just there to conform with the 3.2 or so they think

"3.3 Consent to process for the above purposes

Where traffic data is processed for the above purposes, the prior consent of the subscriber or user of the line or account must be obtained. In the case of a corporate subscriber, it is reasonable for the communications provider to accept at face value the assurances of a person giving consent on behalf of the company unless the communications provider has reasonable grounds to believe otherwise.

The Regulations do not prescribe how service providers should obtain this consent.

However, in order to obtain valid informed consent, the subscriber or user should be given sufficient clear information for them to have a broad appreciation of how the data is going to be used and the consequences of consenting to such use (see

Legal Guidance paragraph 3.1.7).

In light of this the service provider will not be able to rely on a blanket 'catch all' statement on a bill or a website but rather will need to obtain specific informed consent for each value added service requested and to market their own electronic communications services.

Where, for example, a value added service is provided by a communications provider by using a third party, in the interests of transparency the person who will be seen to be responsible for providing that service should obtain the consent to process for this purpose.

Whether this will be the service provider, the third party or both will depend on the specific circumstances.

If the communications provider offers a value added service jointly with a third party, the user should be made aware of both parties.

The point is that the way in which a service is provided should be consistent with the expectations of the subscriber or user.

Where the user provides consent to one party to provide a particular service, they should not then be surprised when they are contacted by another party relating to the provision of that service.

The Regulations also specifically require that the subscriber or user is provided with information regarding the types of traffic data which is to be processed and the duration of such processing.

The subscriber or user may withdraw any such consent given to process related traffic data at any time. "

18-04-2008, 07:32	#3951
popper Inactive Join Date: Jan 2006 Posts: 3,270	Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] for easyer search reference later...pecr_guidance http://www.ico.gov.uk/upload/documen...part2_1206.pdf " There may be different interpretations of the requirement that the user or subscriber should be 'given the opportunity to refuse' the use of the cookie type device. At the very least, however, the user or subscriber should be given a clear choice as to whether or not they wish to allow a service provider to continue to store information on the terminal in question. " " The fact that an 'opportunity to refuse' such storage or access must be provided imposes a greater obligation on the relevant party than simply making refusal a possibility. The mechanism by which a subscriber or user may exercise their right to refuse continued storage should be prominent, intelligible and readily available to all, not just the most computer literate or technically aware. Where the relevant information is included in a privacy policy, for example, the policy should be clearly signposted at least on those pages where a user may enter a website. The relevant information should appear in the policy in a way that is suitably prominent and accessible and it should be worded so that all users and subscribers are able to easily understand and act upon it. " " 3.2 Purposes for processing Traffic data may be processed only for the restricted purposes outlined in the Regulations. • To provide value added services to the subscriber or user A value added service means any service which requires the processing of traffic data or location data beyond that which is necessary to transmit a communication or the billing of that communication. For example, a service which locates the driver of a broken-down vehicle. There is no restriction on the type of service that can be provided but such processing may only take place with the prior consent of the subscriber or user. " hence the value added webwise anti phishing value added service requirement to allow for the extra processing permission Obviously they require in the act... it doesnt have to be great just there to conform with the 3.2 or so they think "3.3 Consent to process for the above purposes Where traffic data is processed for the above purposes, the prior consent of the subscriber or user of the line or account must be obtained. In the case of a corporate subscriber, it is reasonable for the communications provider to accept at face value the assurances of a person giving consent on behalf of the company unless the communications provider has reasonable grounds to believe otherwise. The Regulations do not prescribe how service providers should obtain this consent. However, in order to obtain valid informed consent, the subscriber or user should be given sufficient clear information for them to have a broad appreciation of how the data is going to be used and the consequences of consenting to such use (see Legal Guidance paragraph 3.1.7). In light of this the service provider will not be able to rely on a blanket 'catch all' statement on a bill or a website but rather will need to obtain specific informed consent for each value added service requested and to market their own electronic communications services. Where, for example, a value added service is provided by a communications provider by using a third party, in the interests of transparency the person who will be seen to be responsible for providing that service should obtain the consent to process for this purpose. Whether this will be the service provider, the third party or both will depend on the specific circumstances. If the communications provider offers a value added service jointly with a third party, the user should be made aware of both parties. The point is that the way in which a service is provided should be consistent with the expectations of the subscriber or user. Where the user provides consent to one party to provide a particular service, they should not then be surprised when they are contacted by another party relating to the provision of that service. The Regulations also specifically require that the subscriber or user is provided with information regarding the types of traffic data which is to be processed and the duration of such processing. The subscriber or user may withdraw any such consent given to process related traffic data at any time. "