I've just stumbled across this joyous bit of legislation (not that it's a bad thing, but considering its significance to EU businesses, it doesn't seem to have been publicised much) and am currently investigating its implications. As far as I understand it the EU are putting this in today but it won't "apply" in the UK (I assume you're in the UK as you mentioned the ICO, yes?) until we interpret it as a local law in some way - this seems somewhat strange and counter-intuitive to me but some sites I've found seem to imply this, including docs from the ICO themselves, which seem to say "we haven't quite worked out exactly what the EU means, but when we do we'll give more information". I did find this, which seems to be a fairly good interpretation (but, bear in mind it is only an interpretation) of the EU legislation
http://www.sitecompliance.co.uk/ukcne...
the part which confuses me, and which will probably apply to the majority of (esp DNN) sites is point 7 - it refers to forums but it could be pretty much, as I see it, extrapolated to any site where you have to log in to access additional content - is (talking about exemptions)
"Within (b) (to achieve the user's explicit request to login upon navigating to the site), but only if the discussion forum is a commercial one. If it is not a commercial one, it would not be an information society service and therefore the exception would not apply. Express consent would be needed."
what is defined as a "commercial" forum? Is it any forum run by a commercial company, one you have to pay to access, something else? My company is in the process of making customer portal so our clients can log on and see the status of their orders, but we won't actually be selling anything through the site, so this won't be exempt under definition (a) from that site, but would it apply under its section (b)?
Trouble is, I don't think the UK government have much more of a clue as we do, though....
Please post any more information you find here and I will do likewise