EU 'Cookie' law

[steve]

In May 2011 a new law came into effect across the EU (European Union) concerning the use of cookies on web sites which are owned by organisations or individuals located within the EU. The deadline for compliance with this law is Saturday 26th May 2012, after which owners of non-compliant web sites can be prosecuted, and the maximum fine (in the UK) is £500,000. Compliance basically requires the site to pro-actively ask the user whether they agree that the site can store cookies on their computer. You will start to see this happening when you access web sites in the UK. Individual EU countries appear to be taking their own approach to applying the law.

The Wordpress part of this site (i.e. everything that isn't the forum or the wiki) previously used Google Analytics to track visitors. It appears that the use of Google Analytics does fall within the requirements of this law, so I have disabled it, rather than implementing an intrusive mechanism to request permission.

The forum and the wiki use cookies for login purposes. Under this law these are classified as "essential to the operation of the site" and anyone using the site therefore implicitly gives their permission for these cookies to be stored. I'm not aware of any other cookies in use here.

Information from the UK Government can be found on the ICO web site, e.g, here: http://www.ico.gov.uk/for_organisations ... okies.aspx

Note that the UK Government have stated that not all of their own web sites will be compliant by the deadline.

[mcrossley]

I'm ignoring this one and will run the risk , to be honest it looks like it will be a nightmare for users having to accept cookies on all the sites you visit - that makes for a great user experience!

[TNETWeather]

What a can of worms...

I've got a lot of websites that simply don't function without cookies.

I see some implementations of cookie notification scripts which look interesting.

Assuming you are in the EU, it might be that you just have a notice show up saying your require the use of cookies to use the site, and if they don't accept, you redirect them elsewhere. Once they have accepted, a "cookie" is put on their machine showing they accepted and they dont see it anymore. It would be a one time shot for any workstation they visit your site from. So once they accept, they would not see it again.

Example of one such system: http://cookiecuttr.com/demo/privacy-policy/

Outside of the EU... no point of bothering as the law does not effect you.

I am not in the EU however.... so I really don't have to deal with it.

[TNETWeather]

Just for grins to see how hard it was to add, I added cookiecuttr on my weather site for a bit... Not located in the EU so I don't need to do this and I will most likely remove it soon....

http://cumulus.tnetweather.com

IF you accept the Cookies... a cookie called cc_cookie_accept is put on your workstation and the banner thing goes away. If you delete that cookie, it comes back of course.

Any other workstation you have would need to "accept" to make the banner go away as well.

[steve]

Have you not actually activated it? I haven't accepted yet, but the site has still stored some cookies.

[TNETWeather]

Only part of them. I have to track down the session ones but basically that will break the site. Plan on setting it up to force you to a site holder and if the don't accept, they simply can't access the site.

Google analytics is blocked, however if you visited the site before this was turned on the old cookies would still be there.

This is more of a learning exercise as I am not required to do this.

Via mobile...

[mcrossley]

All I see on Kevins site is a cookie from a visit dating from my last prior visit. If I delete that all I get (in Chrome) is the cookie Chrome creates for every site you visit and a PHP sessionID

Edit: Cross posted with Kevin

[TNETWeather]

My idea was to place code in central processing code that would look for the accept cookie and if it was not there, would redirect the user to a special "Cookie Permission Page".

The page would then give information that in order to give permission and have the approval code there. Upon approval, the user would then be taken to the "real" site.

No permission, no real site. The visitor's choice...

That appears to be the way some sites are dealing with it.

However.... not sure how you would deal with search engines and other data collecting sites. Don't want to block them, so you would have create a list of what and who they are and let them bypass the "block". That starts making this a bit harder. More work.

This was an experiment for me and a learning experience. Luckily I don't have to really implement it, and will remove the code here in a day or two after I have played with it a bit.

As for the EU cookie rules, I think the whole idea is a bit on the clueless side. I understand the desire to protect people's privacy, but the lack of technological understanding of how things work and what the users themselves can control is a bit mystifying.

[mcrossley]

My idea was to place code in central processing code that would look for the accept cookie and if it was not there, would redirect the user to a special "Cookie Permission Page".

That is a more elegant way of dealing with it than client side code injected into every page.

As for the EU cookie rules, I think the whole idea is a bit on the clueless side. I understand the desire to protect people's privacy, but the lack of technological understanding of how things work and what the users themselves can control is a bit mystifying.

Indeed, of all the 'risks' out there this seems an odd one to target, an bit nanny-ist. I fail to see how they will police this,, will they employee an army of people to verify the bazillion web sites out there, or will it be a a voluntary thing for other than the 'big boys' . And when a non-compliant site is found, prove it is owned by an EU citizen. It sounds like a nice idea, lacking in knowledge, and a poor statue.

[robynfali]

I have just checked mine using this

http://www.bitstorm.org/extensions/view-cookies/ addon for mozilla

As far as i can tell my site doesn't use cookies, which sounds a bit strange?

[TNETWeather]

I have just checked mine using this ...
As far as i can tell my site doesn't use cookies, which sounds a bit strange?

Not at all.

If you don't use something like Google Analytics and don't have any kind of login or user access abilities on your website, it is quite possible you don't generate any cookies.

For template site systems like the Saratoga system, there are no cookies used unless you use features like letting the user choose the color scheme, width or use some special packages which need to remember the state of what you are doing.

[scoobs]

Heres a free site that gives you the code etc thinkbroandband are using it.

http://www.civicuk.com/cookie-law/index

just enter a few details and pop code into site job done might get round to doing it soon.

[TNETWeather]

Curious... did you see if they gave you any cookies before you provided approval?

[duke]

In a Freedom of Information request it was revealed that the ICO itself saw a 90% drop in traffic tracked by Google Analytics following its decision to ask permission to place a Google Analytics cookie. So that won't affect many online buisnesses, agencies, software vendors or users...... no worries for there then…… it can’t get worse can it?

Yes!

On the 22 June the Dutch parliament passed an even more crazy, daft or, if you prefer, tough cookie law. It require that users opt in to the placement of a cookie, it also requires that a website operator be able to prove that the cookie was accepted.

Source - Lynchpin

Duke

[mcrossley]

I just used my online banking (Lloyd's group), all they are doing is providing a link to a cookie information page. This basically says "if you do not want any cookies from your site, switch them off in your browser, and by the way if you do that you can no longer use our site." !