That's true, but to a point one of the considerations is whether you're acting in good faith or not. If you're 'on the edge' but making an attempt in good faith to be compliant, you're probably going to OK, but if you're on the edge trying to bend the rules at every opportunity, when you do skirt the rules, it will come back to bite you a bit more.
The unholy side-effect of that is that site owners based in Europe will have to know the applicable laws for each EU member as the Directive does not proscribe any particular wording.
The ICO's own site is where I feel it's failing most: I accept that they may not know the specific details of each cookie - I don't know the specifics of what's in the Google Analytics cookies, for example, so that part I'm willing to accept the way they're doing it. What I don't like is the way they're using a single consent to accept *all* of those cookies, not bits and pieces.
The other bit of advice I've just been given is that site owners should clearly explain the content and use of any third-party cookies introduced on visitors' machines during their visit. But I note that even the ICO is unable to do this fully.
It is, but at the same time, there's no other way to do it. They don't set any cookies, so there's no method other than this to indicate consent unless you're a registered member and have provided consent that way somehow.
The other rather laughable aspect of the ICO site is that it places a second cookie, in addition to their main one, if you agree to cookies -- surely the presence of their main cookie indicates that you've agreed to cookies!
Well, as this discussion has shown, Nao and I both have reservations about how this will be enforced, and whether it actually will be or not. But I don't see that we - as platform stewards - can take that risk.
Oh and thank you for posting a copy of your email to ICO. I am relieved and reassured to know that this issue is being taken seriously by the Wedge Team whilst those over at SMF are simply burying their heads in the sand. You have just provided me with yet another in an increasingly long list of reasons to wait patiently for the release of Wedge! Thank you!
This is the problem I have with SMF: I understand their view that they're in the US and as such they take the view that it does not apply to them. But they're not offering advice on how to be compliant, and given what's involved, and how deeply rooted it is into SMF, with its session management and also the privacy concerns of Who's Online, and that's where the problem is. If the team isn't actively taking this on board, who is? Is anyone?
And that's the problem: it leaves people like you and me (taking off my platform steward hat for a moment) in the lurch because if the platform itself isn't going to take responsibility, that means the site owners have to, and without any guidance, how can they?
As I said in my email, I don't know if other platforms are taking this seriously, but I don't see big noises about doing so, put it that way.
Oh, I'm pretty sure that it is just for show, but until it's actually tested in a complaint, we have to assume that it isn't. Bear in mind that it is only to be used in the case of people complaining, rather than doled out by machine.
'm still convinced that this is just 'for the show', and that this law is only going to be used in clear cases of privacy abuses, as legal grounds for action, rather than being mindlessly applied to every single blog or whatever.
The thing is, even with the source code available, it isn't that easy to identify what the cookie does, especially if you observe that the PHPSESSID is actually potentially set for 3 years at a time when it is supposed to be a session cookie, it does make you wonder what's going on.
If we make it difficult or even impossible to be compliant, I myself can't use Wedge on my own sites, that's the bottom line. If I can't be reasonably sure that Wedge will be compliant, I don't see how I can in good faith or otherwise operate Wedge on my own sites, so even though I personally believe that it's for show, I can't take that chance for my own stuff, and I can't, thus, take that chance of dropping people in it who use Wedge in good faith.