recommended reading

White House abolishes decade-old cookies ban

As expected, White House officials on Friday rolled back a 10-year-old prohibition on web-tracking devices called cookies, a policy that online experts said prevented agencies from personalizing online services to engage the public.

For nearly a year, the Office of Management and Budget had been consulting with privacy advocates and agencies to update the policy in a way that would bring government sites into the 21st century, where people are accustomed to navigating commercial websites that rely on cookies, but also protect visitors' privacy. The ban initially was instituted to uphold civil liberties. But many agencies found legal work-arounds to use the tools.

"Our view is that this is going on already and it has been for many years, and it's important that we set down a clear set of rules for the road so that agencies are confident they are doing it in . . . a way that really respects privacy," said Michael Fitzpatrick, associate administrator of OMB's Office of Information and Regulatory Affairs.

Cookies are small files deposited on Internet users' computers when they visit a website. They often store the Web pages a visitor regularly views and other preferences, as well as measure the site's traffic volume and visitor demographics.

Friday's policy takes pains to limit the collection of personally identifiable information that can be combined to discern an individual's name, such as the series of numbers that identify a user's computer, personal mailing addresses and e-mail addresses. Agencies can gather such information only if a user consents. In addition, agencies must give 30 days' notice to the public and seek citizens' input before moving ahead with the technology.

Websites will be barred from tracking a visitor's activity on nongovernment sites and from sharing with other agencies the data they collect without gaining the user's permission first. Agencies can cross-reference the information they collect with personally identifiable information to further analyze visitors' activity only with their explicit consent.

To finalize the new rules, White House officials met with privacy groups including the Electronic Privacy Information Center and the Center for Democracy and Technology, as well as federal chief information officers, agency Web managers and Web analytics companies.

In a related move, OMB added privacy stipulations to existing guidance on the use of other organizations' social media tools such as YouTube. "Agencies must go back and review their current relationship with third parties and bring them into compliance with this new guidance," Fitzpatrick said.

Many agencies use online community sites such as Facebook and YouTube to interact with citizens and involve them in policymaking. "What has been missing is a clear set of guidelines with respect to privacy protections when they engage in these practices," Fitzpatrick said.

Under the new rules, agencies partnering with a third-party website must review the other entity's privacy policy to determine whether it is appropriate for the agency, he said. The policy also requires agencies to conduct a privacy impact assessment that examines whether controls are in place to comply with federal privacy regulations. In addition, officials must update their agency's privacy policies to inform the public that third parties could be providing the agency with personally identifiable information.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.