[Disclaimer: this article does not constitute legal advice]
In 2009 the EU updated a piece of legislation called the Directive on Privacy and Electronic Communications, also known as the 'e-Privacy Directive' or sometimes the 'Cookie Law'. In 2011 this directive was adopted in the UK in the form of the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011. In essence, the amended regulations require that website visitors give informed consent before cookies (or other similar technologies) are used to store information on their computers.
All Citizen Space apps provide a 'Privacy and Cookies' page that explicitly states what cookies are used and when. It also states who the data controllers and processors are.
Third party cookies in embedded content
One of the key features of Citizen Space is the ability to embed rich media such as maps, videos and presentations into consultations. This is a very useful way to illustrate the subject being discussed, but could fall foul of the privacy directive. This is because the content may cause third party cookies to be stored without the user's knowledge.
To ensure compliance, Citizen Space allows visitors to give explicit consent before loading any embedded content. When anyone visits a page on Citizen Space that contains embedded content, a yellow bar appears at the top of the page asking whether they want to display the content*. Visitors can choose whether or not to load the content, and can optionally save a setting that automatically loads all embedded content on the site for the rest of their visit:
More cautious visitors can read more about each item of embedded content before loading it. A placeholder appears instead of the item, with a brief description and a button to load the content:
Clicking 'More info' shows the technical details of the embedded content:
For Citizen Space instances hosted in territories not subject to these (or similar) privacy laws, this privacy feature can be disabled sitewide by Delib. In this case all embedded content will be loaded automatically without warning visitors first.
* An update on embedded content warnings for EU customers (March 2014)
The embedded content warning and explicit consent request was a privacy feature originally added to Citizen Space as a default (for customers based in the EU) in order to comply with EU privacy regulations in regard to third-party cookies. However, this guidance was relaxed in 2013, and therefore we can disable this functionality on request, given the following guidance:
- Update your Cookie Page to reflect any changes. We'd recommend looking to the ICO site for guidance: http://ico.org.uk/Global/cookies
Specifically in relation to embedding videos from YouTube:
- When you embed a video, enable YouTube's 'privacy-enhanced mode' (so YouTube won’t store information about visitors on your web page unless they play the video). See https://support.google.com/youtube/answer/171780?hl=en-GB
- We'd really recommend against enabling auto-play. This has implications for the user not just in terms of cookie storage, but also their data usage.