[govinfo] Federal Cookie Policy Forum
- From: "Patrice McDermott" <pmcdermott@xxxxxxxxxxxxxxxxxxxxx>
- To: "FEN" <fen@xxxxxxxxxxxxxxxxxxxxxxxx>, <FOI-L@xxxxxxxxxxxxxxxx>, <govinfo@xxxxxxxxxxxxx>
- Date: Fri, 24 Jul 2009 14:32:45 -0400
OMB ? with the cooperation of OSTP -- are seeking an open discussion about the
various aspects of the ideas below ? do you need more info about their thinking
to respond usefully, are these the right categories, unintended consequences,
etc.
Those of you who care about this issue are encouraged to join. In addition to
this online forum, there will be a Federal Register Notice on 27 July.
To share your comments on this approach, you can post a comment here, submit
comments directly in response to the Federal Register notice mentioned above,
or email them to: oira_submission@xxxxxxxxxxx
. Comments submitted by August 10, 2009 in one of these three ways, will be
taken into consideration though we strongly encourage you to comment here so
that others can respond. Comments submitted via email will also be republished
here.
Patrice McDermott, Director
OpenTheGovernment.org
www.openthegovernment.org
202.332.OPEN (6736)
Federal Websites: Cookie Policy
Friday, July 24th, 2009
Posted by Michael Fitzpatrick and Vivek Kundra
During the Open Government Initiative outreach, Federal employees and the
public have asked us questions about the federal government?s policy on
cookies. As part of our effort to create a more open and innovative
government, we?re working on a new cookie policy that we?ll want your input on.
But before we get into that, let?s provide some context.
In June 2000, the OMB Director issued a memorandum (M-00-13, later updated by
M-03-22, http://www.whitehouse.gov/omb/memoranda_default/) that prohibited
Federal agencies from using certain web-tracking technologies, primarily
persistent cookies, due to privacy concerns, unless the agency head approved of
these technologies because of a compelling need. That was more than nine years
ago. In the ensuing time, cookies have become a staple of most commercial
websites with widespread public acceptance of their use. For example, every
time you use a ?shopping cart? at an online store, or have a website remember
customized settings and preferences, cookies are being used.
This past June, we blogged about ways to enhance citizen participation in
government through basic policy changes, including revisions to the current
policy on web-tracking technologies. We heard a lot of informal comments on
that blog, so we decided to pursue the more formal comment route through the
Federal Register (Link Coming 7.27). The goal of this review is to develop a
new policy that allows the Federal Government to continue to protect the
privacy of people who visit Federal websites while, at the same time, making
these websites more user-friendly, providing better customer service, and
allowing for enhanced web analytics.
Under the framework we?re looking at, any Federal agency using web tracking
technologies on a Federal Government website would be subject to basic
principles governing the use of such technologies and would be required to:
· Adhere to all existing laws and policies (including those designed to
protect privacy) governing the collection, use, retention, and safeguarding of
any data gathered from users;
Post clear and conspicuous notice on the website of the use of web tracking
technologies;
Provide a clear and understandable means for a user to opt-out of being
tracked; and
Not discriminate against those users who decide to opt-out, in terms of their
access to information.
OMB is considering a three-tiered approach to the use of web tracking
technologies on Federal Government websites:
· 1st - Single-session technologies, which track users over a single
session and do not maintain tracking data over multiple sessions or visits;
2nd - Multi-session technologies for use in analytics, which track users over
multiple sessions purely to gather data to analyze web traffic statistics; and
3rd - Multi-session technologies for use as persistent identifiers, which
track users over multiple visits with the intent of remembering data, settings,
or preferences unique to that visitor for purposes beyond what is needed for
web analytics.
We expect that there would be more stringent restrictions or review of the
technologies within the tiers that might have higher privacy risks.
To share your comments on this approach, you can post a comment here, submit
comments directly in response to the Federal Register notice mentioned above,
or email them to: oira_submission@xxxxxxxxxxx
. Comments submitted by August 10, 2009 in one of these three ways, will be
taken into consideration though we strongly encourage you to comment here so
that others can respond. Comments submitted via email will also be republished
here. We?re hoping to hear your thoughts on:
· The basic principles governing the use of such technologies;
The appropriate tiers;
The acceptable use and restrictions of each tier;
The degree of clear and conspicuous notice on each website that web tracking
technologies are being used;
The applicability and scope of such a framework on Federal agency use of
third-party applications or websites;
The choice between an opt-in versus opt-out approach for users;
Unintended or non-obvious privacy implications; and
Any other general comments with respect to this issue.
We appreciate the feedback that we?ve received already, and we look forward to
hearing more.
Michael Fitzpatrick is Associate Administrator, OMB Office of Information and
Regulatory Affairs
Vivek Kundra is Federal CIO
Other related posts:
- » [govinfo] Federal Cookie Policy Forum - Patrice McDermott
