recommended reading

White House abolishes decade-old cookies ban

As expected, White House officials on Friday rolled back a 10-year-old prohibition on web-tracking devices called cookies, a policy that online experts said prevented agencies from personalizing online services to engage the public.

For nearly a year, the Office of Management and Budget had been consulting with privacy advocates and agencies to update the policy in a way that would bring government sites into the 21st century, where people are accustomed to navigating commercial websites that rely on cookies, but also protect visitors' privacy. The ban initially was instituted to uphold civil liberties. But many agencies found legal work-arounds to use the tools.

"Our view is that this is going on already and it has been for many years, and it's important that we set down a clear set of rules for the road so that agencies are confident they are doing it in . . . a way that really respects privacy," said Michael Fitzpatrick, associate administrator of OMB's Office of Information and Regulatory Affairs.

Cookies are small files deposited on Internet users' computers when they visit a website. They often store the Web pages a visitor regularly views and other preferences, as well as measure the site's traffic volume and visitor demographics.

Friday's policy takes pains to limit the collection of personally identifiable information that can be combined to discern an individual's name, such as the series of numbers that identify a user's computer, personal mailing addresses and e-mail addresses. Agencies can gather such information only if a user consents. In addition, agencies must give 30 days' notice to the public and seek citizens' input before moving ahead with the technology.

Websites will be barred from tracking a visitor's activity on nongovernment sites and from sharing with other agencies the data they collect without gaining the user's permission first. Agencies can cross-reference the information they collect with personally identifiable information to further analyze visitors' activity only with their explicit consent.

To finalize the new rules, White House officials met with privacy groups including the Electronic Privacy Information Center and the Center for Democracy and Technology, as well as federal chief information officers, agency Web managers and Web analytics companies.

In a related move, OMB added privacy stipulations to existing guidance on the use of other organizations' social media tools such as YouTube. "Agencies must go back and review their current relationship with third parties and bring them into compliance with this new guidance," Fitzpatrick said.

Many agencies use online community sites such as Facebook and YouTube to interact with citizens and involve them in policymaking. "What has been missing is a clear set of guidelines with respect to privacy protections when they engage in these practices," Fitzpatrick said.

Under the new rules, agencies partnering with a third-party website must review the other entity's privacy policy to determine whether it is appropriate for the agency, he said. The policy also requires agencies to conduct a privacy impact assessment that examines whether controls are in place to comply with federal privacy regulations. In addition, officials must update their agency's privacy policies to inform the public that third parties could be providing the agency with personally identifiable information.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.