Privacy, EU cookie law and tracking OERs
Cloud created by:
22 August 2012
Disclaimer: I'm not a lawyer, and these are my personal views.
A week ago a colleague of mine highlighted a thorny issue related to tracking the re-use of OERs - balancing the privacy of end-users against the need for analytics by OER publishers. His concerns were specifically around the new EU cookie law (e-Privacy Directive).
To quote, "tracking images probably breach the new European law on cookies and other tracking devices". My response was, I think Track OER risks breaching the new law, unless:
- We make it clear to ‘content-producers’ that they are adopting a service with tracking/using license code snippets that incorporate tracking – probably we should try to indemnify ourselves in our T&C (is that the correct term?)
- The ‘content-producers’ (including the OU) make it clear to end-users that they are viewing/consuming OERs containing a tracking code – many/most of the sites that may re-use OERs will already incorporate analytics for their own purposes, so I hope this will not be too big a deal,
- Looking at the code bottom-right here - http://creativecommons.org/choose/ - we may need some wording like “This work is licensed under a Creative Commons … License, with tracking.” – where “tracking” is a link to a page explaining why and what we are tracking,
- We/ content-producers may need to provide mechanism(s) so end users can opt out.
I made a few further points:
- I’ve always considered this part of the “Quid pro quo” – we (HE institutions) provide OER content under permissive licenses for use and re-use. In return, we need to find out by some means how they are being used, so that we can provide results to our funders, continue to invest in OER production, make new business cases to funders, our institutions, etc. Yes, OER is good marketing for us, but it costs us.
- If the above point is valid, we need to explain it, There probably needs to be a cultural/legal shift/ change of wording etc.,
- It adds to the complexity of what we’re doing!
- It may reduce the adoption of the technology/technique,
- OU (OUICE) pages now have a ‘Privacy and cookies’ link - www.open.ac.uk | open.ac.uk/privacy - we need this for starters,
- We’re collecting anonymous (or semi-anonymous) data, and probably going to display it publicly - what are the implications?
Then, while exploring the administrative interface for Piwik I came across the "Do Not Track" feature (http://donottrack.us). The end-user configures their browser to send a DNT header when it requests a Web page (a HTTP header is some meta-data about the request or response, normally invisible to the end-user). The Web-server reads the DNT header, and doesn't record or track the user's visit. Do Not Track is available in most recent browsers, including Internet Explorer 9, Firefox 12, Safari and Opera. And critically, Microsoft plan to turn it on by default in IE 10. A number of big players like Microsoft, Yahoo and some advertising networks are adding support to their servers.
And the great news is that Piwik supports Do Not Track out of the box.