Need help? Looking for tips and tricks?

This knowledge base contains loads of useful advice and answers to common questions.

If you're still stuck you can always submit a support request and we'll get back to you ASAP.

EU Privacy Directive - how does Citizen Space comply with this?

Support -

[Disclaimer: this article does not constitute legal advice]

In 2009 the EU updated a piece of legislation called the Directive on Privacy and Electronic Communications, also known as the 'e-Privacy Directive' or sometimes the 'Cookie Law'. In 2011 this directive was adopted in the UK in the form of the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011.  In essence, the amended regulations require that website visitors give informed consent before cookies (or other similar technologies) are used to store information on their computers.

Citizen Space's use of cookies

We have done an extensive audit of all our sites and applications, resulting in updated privacy policies on Delib's website and linked from each client's instance of Citizen Space.  Citizen Space only uses cookies that are necessary for the correct functioning of the system, and these cookies do not contain any personally identifiable information.

All Citizen Space apps provide a 'Privacy and Cookies' page that explicitly states what cookies are used and when.  It also states who the data controllers and processors are.

Third party cookies in embedded content

One of the key features of Citizen Space is the ability to embed rich media such as maps, videos and presentations into consultations.  This is a very useful way to illustrate the subject being discussed, but could fall foul of the privacy directive.  This is because the content may cause third party cookies to be stored without the user's knowledge.

To ensure compliance, Citizen Space allows visitors to give explicit consent before loading any embedded content.  When anyone visits a page on Citizen Space that contains embedded content, a yellow bar appears at the top of the page asking whether they want to display the content*.  Visitors can choose whether or not to load the content, and can optionally save a setting that automatically loads all embedded content on the site for the rest of their visit:

Browser overlay bar asking if embedded content should be loaded and if your choice should be remembered

More cautious visitors can read more about each item of embedded content before loading it.  A placeholder appears instead of the item, with a brief description and a button to load the content:

Image of a placeholder showing the title of a video and a button to load embedded content

Clicking 'More info' shows the technical details of the embedded content:

Example technical details including the provider and embed code

For Citizen Space instances hosted in territories not subject to these (or similar) privacy laws, this privacy feature can be disabled sitewide by Delib.   In this case all embedded content will be loaded automatically without warning visitors first.

 

* An update on embedded content warnings for EU customers (March 2014)

The embedded content warning and explicit consent request was a privacy feature originally added to Citizen Space as a default (for customers based in the EU) in order to comply with EU privacy regulations in regard to third-party cookies.  However, this guidance was relaxed in 2013, and therefore we can disable this functionality on request, given the following guidance:

  • Let your users know about any cookie implications in the text *preceding* any embedded content (perhaps linking to your Cookie Policy). For example, cookies will be stored once a user plays a video from YouTube.
  • Update your Cookie Page to reflect any changes. We'd recommend looking to the ICO site for guidance: http://ico.org.uk/Global/cookies

Specifically in relation to embedding videos from YouTube:

  • When you embed a video, enable YouTube's 'privacy-enhanced mode' (so YouTube won’t store information about visitors on your web page unless they play the video). See https://support.google.com/youtube/answer/171780?hl=en-GB
  • We'd really recommend against enabling auto-play. This has implications for the user not just in terms of cookie storage, but also their data usage.