The Cookie Law (in the UK at least)

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #90, on May 4th, 2012, 07:42 PM »
You replying to my post on SMF reminded me - did ICO ever reply to your well thought-out email? If so, was it quite simply the web equivalent of RTFM?  ::)

My reason for posting an implementation of geoIP functionality to determine if the use of cookies needs visitor approval or not was twofold:
  • I'm a 60+ year-old non-programmer (by your standards!) and am completely self-taught. I've never written a line in PHP before and I wanted to see if I could do it and make it work. The result is probably very amateurish but it does work as advertised.
  • There is quite some hostility and resistance to this law generally being expressed in various SMF threads and I thought that this might possibly encourage those EU-based Admins who are concerned at not pissing-off their non-EU visitors into actually making their sites compliant. Of course it's entirely up to them if they choose to implement the geoIP side with the attendant risks that has.
I wonder how long it will take for our legislators to discover the "joys" of web bugs and HTML5 local storage both of which can, I understand, be used to track people around the net.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #91, on May 4th, 2012, 07:51 PM »
Heh, nope, not any reply at all. Can't say I'm entirely surprised but I'll give them a nudge shortly.

Oh, I have no problems with people trying it out at all. I think it's great that people are at least taking it seriously and trying to implement something that's workable. I don't have issues with that, I have issues with the concept of geo-location, as I said (though I was perhaps a touch less tactful than I might have been)

I just get the feeling that if it falls flat and gives a spurious response, the ICO will not be too enthusiastic about it, because it would appear to be a way of 'getting around' the requirement.

What it does mean, really, is that developers will change how they approach things, exactly as you indicate; we'll see items pushed into URLs and localStorage to bypass being in cookies, though once that's pointed out, we'll likely see the law expanded to cover these things too.
When we unite against a common enemy that attacks our ethos, it nurtures group solidarity. Trolls are sensational, yes, but we keep everyone honest. | Game Memorial

nend

  • When is a theme, no longer what it was when installed?
  • Posts: 165
Re: The Cookie Law (in the UK at least)
« Reply #92, on May 5th, 2012, 05:57 AM »
Quote from markham on May 4th, 2012, 07:42 PM
I wonder how long it will take for our legislators to discover the "joys" of web bugs and HTML5 local storage both of which can, I understand, be used to track people around the net.
It is like these OSes and Firewalls, "Are you sure you want to do this?", "So and So is requesting such and such, Allow?". Point being, most computers still get infected because most users can care less as to what they agree to. That is what the Anti-Virus is for most may say, unknown to them a Anti-Virus is no magical cure.

The people that really care about the cookie subject I am sure already have the situation sorted in their browser. The people that don't care, are going to accept those prompts without giving it a glance as to what it says.

Useless annoying law, I stand by my claim. ::)

godboko71

  • Fence accomplished!
  • Hello
  • Posts: 361
Thank you,
Boko

live627

  • Should five per cent appear too small / Be thankful I don't take it all / 'Cause I'm the taxman, yeah I'm the taxman
  • Posts: 1,670
A confident man keeps quiet.whereas a frightened man keeps talking, hiding his fear.

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #95, on May 6th, 2012, 12:23 PM »
Quote from godboko71 on May 5th, 2012, 06:15 AM
Can't wait for the US to get into these laws should be an interesting clusterf*ck.
As I understand it, US law-makers have been studying the EU's PECR and do intend to implement very similar legislation. And when they do, there will be much wailing and gnashing of teeth throughout the land but I do wonder if some of those brave American souls who've spoken out against PECR[1] will be quite so brave when the legislation affects them also.
 1. Eg as expressed on SMF for example

nolsilang

  • Lurking <i class=
  • Posts: 106

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #97, on May 17th, 2012, 04:42 PM »
I'm not surprised. I still haven't had an answer from the ICO and I have sent another email asking for an update.

I still think the problem can be solved in Wedge's case by a more drastic measure than previously indicated and would have a lot of beneficial effects as a consequence but the shouting that will ensue from users afterwards... I don't want to have to deal with that.

markham

  • Finally finished the Slideshow... phew!
  • Posts: 138
Re: The Cookie Law (in the UK at least)
« Reply #98, on May 17th, 2012, 06:56 PM »
Quote from Arantor on May 17th, 2012, 04:42 PM
I'm not surprised. I still haven't had an answer from the ICO and I have sent another email asking for an update.
I was about to ask you about that!

It's not good that Government sites won't be in compliance as like the rest of us, they have had a year's grace. They really should be setting a good example.
Quote
I still think the problem can be solved in Wedge's case by a more drastic measure than previously indicated and would have a lot of beneficial effects as a consequence but the shouting that will ensue from users afterwards... I don't want to have to deal with that.
Would you care to elucidate?  :)

I had a quick look at the WordPress plug-in and have to question whether it is a compliant solution. Seems to rely on a third-party site with which your site must register and it simply displays a message with an "accept" button but doesn't seem to be a way for your site to determe whether a given user has accepted cookies (if so, which). I suspect it's a means of collecting marketing intelligence in disguise.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #99, on May 17th, 2012, 07:06 PM »
The more drastic solution I've proposed is the one that obliterates all tracking of any kind for non-logged-in users. You lose the ability to see how many guests there are and what they're doing, but you gain a massive performance boost and instant compliance. You also get some SEO benefits to not having to munge the session ID around.

That aside, it would be trivially possible to be absolutely compliant with the rules with almost no work by having the session ID pushed to the URL but that does raise issues for SEO. And you can imagine how many people won't like the idea of not knowing how many 'guests' there are, which means there's a debate on how to judge how active a forum is.

But it would absolutely solve all the problems by then making cookies required only to be logged in, and if you don't agree with that, you don't get to be logged in, simple as.

What I am seeing, though, is sites simply refusing access without cookies and being done with it, such as Games Workshop's site was doing last night when I looked, which is entirely legitimate as I understand it - but it spells doom for search engines.

nolsilang

  • Lurking <i class=
  • Posts: 106

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #101, on May 18th, 2012, 01:08 PM »
Apart from the fact that it disappears real quick and is not particularly obvious or obtrusive...

Thing is, the little UI tweaks are just variations on a theme, there are far larger matters to attend to in both SMF and Wedge. (I don't believe, for example, that emanuele's mod fixes a side bug in SMF where the PHPSESSID cookie gets set for 6 years)

nolsilang

  • Lurking <i class=
  • Posts: 106
Re: The Cookie Law (in the UK at least)
« Reply #102, on May 18th, 2012, 05:49 PM »
Code: [Select]
http://www.pcpro.co.uk/news/enterprise/374734/ico-no-fines-for-breaking-cookie-rules

I'm still looking for official news, all links about this "no fines" lead to this news.

Arantor

  • As powerful as possible, as complex as necessary.
  • Posts: 14,278
Re: The Cookie Law (in the UK at least)
« Reply #103, on May 18th, 2012, 05:55 PM »
Yeah, The Register is reporting similar: http://www.theregister.co.uk/2012/05/18/cookie_law_ico/

But the most amusing part is one David Evans, a rep for the ICO...
Quote
Asked whether the ICO thought users knew enough to be able to consent to cookie agreements, Evans said: "We're not asking that user education has to give everyone a masters in computer science." He added that the legal definition of consent did not ask for proof that users understood what they were doing.
That last part is very interesting... and makes the whole thing basically irrelevant. Argh, so much time wasted, hardly surprising they haven't responded to my email yet.


The best one, though, is a comment in response to that article.

http://forums.theregister.co.uk/post/1414984
Quote
Well, if you have a gripe against a particualr website
Why not complain to the ICO? At least then your grumbling over their uselessness will be based on actual experience.
Meantime, is it too polite to term this whole episode as an omni-shambolic barrel of cluster-fucking monkey-shite?

nolsilang

  • Lurking <i class=
  • Posts: 106
Re: The Cookie Law (in the UK at least)
« Reply #104, on May 18th, 2012, 06:03 PM »
Maybe the goverment will do it after all the government sites comply, so it just postponed. Better safe than sorry