ICO Reports: Europe agrees cookies law applies to device fingerprints

Summary

  • EU Article 29 Working Party.
  • Device fingerprinting techniques DO require consent before being placed on device.

Original Author: ICO e-Newsletter January 2015
Original Link: http://ico.msgfocus.com/q/1AFB31cD3v/wv

Content

The Article 29 Working Party, made up of representatives of 27 EU data protection authorities, including the ICO, has published its opinion on device fingerprinting.

Device fingerprinting works by collecting a number of pieces of information about a particular electronic device, such as a smartphone or tablet computer. Although individually, each piece of information is not unique or identifiable, such as the device’s screen size, by combining enough different pieces of information a unique identifier can be created.

The technology is already being considered by some organisations as an alternative to cookies. However, the Privacy and Electronic Communications Regulations (PECR) require organisations placing cookies on a device to have their consent before the cookie is set. 

The opinion published last month by the Article 29 Working Party supports the view of our office that the use of online technologies that operate in a similar way to cookies, including the use of some device fingerprinting techniques, still require an individual’s consent before being placed on a person’s electronic device. The opinion highlights that consent for such technologies can be achieved alongside the existing consent mechanisms for cookies provided clear and comprehensive information is provided to the user.