The next generation of cookies, “Flash cookies”, are leading to new privacy concerns. Flash cookies, so named as they originate from coding contained in Adobe’s Flash media player, are causing concern as they can store a lot more information than normal cookies and can not be found in the web browser.
Researchers at the University of California, Berkeley found that over half of the top 100 websites are retaining user information through Flash cookies without permission (http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862).
Failing to provide information on the use of Flash cookies and how they can be disabled is a breach of the current Privacy and Electronic Communications Directive. When the revisions to the Directive are implemented it will be necessary to explicitly obtain the user’s consent before serving cookies to their computer.
Although it has been suggested that browser settings can be taken as consent to cookies, this is unlikely to be sufficient for Flash cookies due to their remaining largely undetected by privacy settings on web browsers such as Internet Explorer and Firefox. Website operators are going to be under a greater onus to bring Flash cookies to the attention of users and obtain some manner of express consent. If Flash cookies are used on your website, your privacy policy will need to be amended to take account of them.
This is a privacy issue to watch to see how the struggle to balance individual’s rights and commerciality is managed as the Privacy and Electronic Communications Directive amendments regarding the requirements for consent to cookies take effect.