When using third-party advertising such as Google or DoubleClick, reference their usage and include the appropriate links. Google is just one example of many advertising sites.
Local shared objects (LSOs) are also referred to as "zombie" or "super" cookies. They are part of Adobe Flash. Quoting from Adobe:
Local shared objects, sometimes referred to as "Flash cookies," are data files that can be created on your computer by the sites you visit. Shared objects are most often used to enhance your web-browsing experience. A website can write a cookie on your computer, and the next time you visit it will load that cookie and its information in a way that provides a more customized experience. For example, you may have asked a site to remember your login name. That information is stored in the cookie and retrieved on your next visit so that the website displays your name in the login field on the site.
The interesting thing about LSOs is that when you delete your cookie cache, the LSO is able to rewrite the cookie. This makes the LSO usable not only for tracking, but for spyware as well. The only time your site should use Adobe Flash LSOs is when you have created Flash files (.SWF / .FLV) to share with your visitors, and these local shared objects should not be abused with the intent of spying on your site visitors.
A little more information may be found on local shared objects.
EUROPA websites must follow the Commission's guidelines on privacy and data protection and inform users that cookies are not being used to gather information unnecessarily.
The ePrivacy directive – more specifically Article 5(3) – requires prior informed consent for storage of or access to information stored on a user's terminal equipment. In other words, you must ask users if they agree to most cookies and similar technologies (e.g. web beacons, Flash cookies, etc.) before the site starts to use them.
For consent to be valid, it must be informed, specific, freely given and must constitute a real indication of the individual's wishes.
Children's Online Privacy Protection Act
COPPA is a United States law; however, the U.S. Federal Trade Commission has made it clear that the requirements of COPPA will apply to foreign-operated web sites (referred to as operators) if such sites "are directed to children in the U.S. or knowingly collect information from children in the U.S." per the FTC Privacy Initiatives. For additional information about COPPA, see the following references:
- FTC Bureau of Consumer Protection
- The Children's Online Privacy Protection Act via FTC
- COPPA FAQ via FTC
- Wikipedia COPPA article
The Platform for Privacy Preferences (P3P) is a set of standards developed by the World Wide Web Consortium (W3C).
A few articles of interest:
- Privacy Lawsuit Targets Net Giants Over ‘Zombie’ Cookies
- Browser Fingerprints Threaten Privacy
- A Primer on Information Theory and Privacy
- Flash Cookies and Privacy
- The EU Internet Handbook
- Federal Trade Commission
- Network Advertising Initiative
- EFF - Best Practices for Online Service Providers
- Better Business Bureau