I have done some reading into this topic including the ICO implementation recommendations and, on the face of it Google Analytics is of particular concern.
To take one of our corporate web sites as an example the Google analytics cookies do not relate to the function of the site so would be therefore be under scrutiny because they are not “‘strictly necessary’ for a service requested by the user”.
In reality however, there is some way to go before the industry catches up with the legislation. For instance web browsers would need provide integrated user friendly functionality to easily allow a user to define which cookie to reject and which to accept.
Therefore, some feel that there is effectively a bedding in or grace period while site owners and technology catches up with the implications of the legislation.
There is a good summarising piece here:
written by Brian Kelly from UKOLN, and he must be right because he has a beard.
In the short term I can’t see a coherent message to put out to IOE web site owners without causing a fuss with no means of advising or resourcing a course of action.
What I have found though is some interesting references to Social networking and data protection including this one in a recent best practice white paper called ” Consent Management: Good Practice Recommendations” on the JISC Legal site:
“Where institutions are using social network services as data processors then the institution is obliged to ensure that this processing is data protection compliant. [section 3.9] “
I feel it might be inflammatory to highlight this particular issue without constructive recommendations.
For the time being I am going to keep a tabs on the way the situation develops in terms of UK HE response, JISC legal recommendations and any technological developments to accommodate the legislation.