EDPS: Guidelines on the protection of personal data processed through web services provided by EU institutions (Nov 2016)

https://edps.europa.eu/sites/edp/files/publication/16-11-07_guidelines_web_services_en.pdf

Also includes interesting links to other EU papers (e.g. on cloud).
Sadly from Nov 2016, so written with GDPR in mind, but before it came into force.

Covered technologies include:
- Cookies
- Scripts (e.g. JavaScript code) and components (such as browser plugins) to be executed on the client side
- Web caching mechanisms
- HTML5 local storage
- “Device fingerprinting”
- “Canvas fingerprinting” and “Evercookies”
- Web beacons

[UK] ICO’s Liz Denham on direct marketing consent

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/02/dma-data-protection-2018/

Detail of the e-privacy regulation is still being debated, but a default for all consumer marketing to be opt-in is in the current draft.

Until the e-privacy regulation comes into force, PECR will sit alongside the GDPR.

That means electronic marketing will require consent. Yes, there is potential to use legitimate interests as a legal basis for processing in some circumstances, but you must be confident that you can rely on it.

It seems to me that a lot of energy and effort is being spent on trying to find a way to avoid consent. That energy and effort would be much better spent establishing informed, active, unambiguous consent.

You say you will lose customers. I say you will have better engagement with them and be better able to direct more targeted marketing to them. You will have complete confidence that your customers have given informed consent.