Website Legal Requirements – Cookies and Consent Policies

As a result of changes to the EU Privacy and Electronic Communications Directive, it is now unlawful to use cookies to collect user data without first obtaining explicit consent. Accordingly, the Information Commissioner’s Office (ICO), which is responsible for ensuring that websites comply with the new cookie law, has implemented a technical solution on its own website with the result that traffic to it plummeted.

Continue reading

SaaS Agreements – Data Protection – Patriot Act

Under the provisions of the US Patriot Act the personal data of SaaS customers based in the EU could be shared with US law enforcers without the customer being informed, although this conflicts with EU data protection laws. This Act applies not just to SaaS suppliers owned by a US company but any SaaS suppliers using the services of a US subsidiary for data processing or a US data centre.

Continue reading
Bodle Law