Omega Owners Forum
Chat Area => General Discussion Area => Topic started by: Rods2 on 25 April 2012, 00:29:19
-
On the 26th May the EU Cookie directive becomes law where you have to get explicit consent from users to use cookies on their computer. Now I have build and look after a number of sites this is going to apply to. Have any other web developers on here had any thoughts on this, as any advice would be greatly appreciated?
http://www.telegraph.co.uk/technology/internet/9223930/EU-cookie-law-will-cost-businesses-10billion.html (http://www.telegraph.co.uk/technology/internet/9223930/EU-cookie-law-will-cost-businesses-10billion.html)
The consensus also seems to be that you are going to need to LIST and CATEGORIZE ALL of the cookies that the site uses on your 'Privacy Policy' or 'T&C' page, which for sites with many advertising sources is going to be a major job.
http://www.telegraph.co.uk/technology/internet/9181672/Cookie-consent-guidelines-launched.html (http://www.telegraph.co.uk/technology/internet/9181672/Cookie-consent-guidelines-launched.html)
The easier question:
Do you put a consent button at the top of the screen and don't enable cookies until they have consented? Do they only need to give their consent once (and then save this in a cookie) or each time they visit the website?
Now it gets more difficult:
3rd party cookies like Google Analytics, which can use up to 5 cookies, easy enough don't enable until user has consented, but the client than has inaccurate site statistics and can't calculate ROI for Google Adword sales where some customers don't give their consent!
I have a server side tracking system, which I built for a travel agent many years ago which uses landing pages index.php, index2.php etc, to track different campaigns with a server side tracking system, which will get round this problem, where it tracks and stores the source right through the selling process, but some of my customers will bitch that they will now have to use more that one system, ie Google Adwords stats and my stats to calculate ROI. Anybody got any other suggestions?
Now it gets worse:
Some websites including some of my own, make their money through 3rd party advertising. The easy solution would be not to display the adverts until you get consent, but I suspect that will kill the sites paying for themselves, don't consent, 'no annoying' adverts, so no income. So it is going to be a case of working with each supplier, so cookies are turned off, but the advert still displays until you give consent. Again what mechanisms will be in place by the 26th May for this?
Now it gets even more difficult:
3rd party suppliers who use iframes. Where browser security means that you have no control over the content of 3rd party iframes, this will mean multiple consents. The only work around for this I can see is to reload the iframe with a url consent variable. I can do this using JavaScript and location.href="3rdparty.com?consent=1"; But how many 3rd party suppliers are have implemented such systems by 26th May?
Into the unknown:
Now this applies to all EU based computers, so if your website is outside the EU and is accessed by EU citizens it applies. Now I'm working on an international website at the moment and using IP data to set the country, so I know from a location whether a computer is in an EU country or not and whether I need a comply button. But what happens if an EU citizen is the using their computer outside of the EU on business or holiday, would I technically need to have the comply "Confirm" button?
The small site / not-technical nightmare:
Many small web sites and blogs are build using 3rd party software development environments. How are they going to cope, with knowing what cookies the system uses, if you have an ecommerce option, this will almost certainly add more cookies and the consensus is that your 'Privacy Policy' should list ALL of the cookies used on a website and what they do. Now I can do this, but it is going to be a pain in the butt, but what about these sort of non-technical users. Many of these will be using freeware / shareware unsupported systems, or US developers primarily for the US market, with I don't give a toss about EU directives, level of support.
No consent given:
How is this going to impact Ecommerce sites and software, where they don't work without cookies enabled?
This is going to impact MOST people that manage or run websites, many people that run information sites, and pay for the hosting / running costs or supplement their income though some small websites right up to multi-national companies are all going to be hit, with most likely, across the board, lower online sales. The fines for non-complience are up to £500,000. I've no doubt that trading standards will be gearing up for this as a new Government deficit-busting tax stream, while in the rest of the EU when it comes to compliance, their officials will just give Gaelic shrug.
This going to cost all EUSSR companies and economies a lot of money, just what we all need in a US / Europe economic depression, made ten times worse in Europe with the Eurozone madness. >:( >:( >:( >:(
-
Sorry mate....straight over the top of my head. ???
If this applies to 'the man in the street' with a website, I am glad I have just pulled the plug on mine..... :y
-
The problem is, it's legislation that was drafted by politicians and bureaucrats who have not a glimmer of nouse when it comes to understanding the practical application of their rulings.
Quite what jurisdiction they think they have over a site hosted outside the EU I'm not sure?
Probably a notice that says "we use cookies. If you don't like that, disable them in your browser or go forth and multiply". ;D
-
Doesn't sound at all well thought out. But at least the legislation is in place. My guess is it is aimed at the "big boys". They would need an army of prosecutors to get everybody!
-
Doesn't sound at all well thought out. But at least the legislation is in place. My guess is it is aimed at the "big boys". They would need an army of prosecutors to get everybody!
.. and very deep pockets to get anywhere with the "big boys".
-
Surely all they'll do is implement some law like DMCA - i.e. someone spots it, files a complaint with the hosting company/ISP, the ISP/hosting company cuts off your access or turns off your website no questions asked and you then lobby to get it turned back on again and/or prove your innocence.
As just happened to the other car club I frequent..
-
The problem is, it's legislation that was drafted by politicians and bureaucrats who have not a glimmer of nouse when it comes to understanding the practical application of their rulings.
Quite what jurisdiction they think they have over a site hosted outside the EU I'm not sure?
Probably a notice that says "we use cookies. If you don't like that, disable them in your browser or go forth and multiply". ;D
Much as I like the sentiment in this :y, it won't work as you can't use cookies on their PC until they have given their explicit permission. >:(
On jurisdictions outside the EU, they can block the site, if it doesn't comply.
-
My lad is in the process of building me a basic website for the business.
Nothing flash, just a few details and a little bit of advertiseing for me.
Is this going to affect me in any way ?
-
Much as I like the sentiment in this :y, it won't work as you can't use cookies on their PC until they have given their explicit permission. >:(
You have a dialogue that collects that permission and invites the user to click to continue before cookies are used, then. Just like those "are you really 18?" questions that some sites have <cough!> apparently, so I've been told, you understand? :-[
I would be making it big and obvious and reminding users that this PITA is down to the EU.
Is this going to affect me in any way ?
It might well do. Pretty much any content management system will use cookies in some form. Whether they do so in a compliant way is currently the subject of much argument, mainly because the legislation is so poorly drafted, by people who don't actually know what a cookie is. ::)
If he's not using a CMS and just building a static site, then probably not.
As said, though, I'm pretty sure nobody will be going after the little guy.
-
I've found this paper from the Information Commissioners Office, which does help to clarify some points, in a very vague sort of way.
It seems they will be sympathetic with sites that don't comply, but have made an effort to comply and cause problems if no effort has been made and you are using more intrusive tracking cookies.
http://www.ico.gov.uk/~/media/documents/library/Privacy_and_electronic/Practical_application/advice_on_the_new_cookies_regulations.pdf (http://www.ico.gov.uk/~/media/documents/library/Privacy_and_electronic/Practical_application/advice_on_the_new_cookies_regulations.pdf)
I can see why they have done it to protect privacy from intrusive tracking cookies, but in the paper they admit they are working with browser developers, to implement a browser solution, but you would still need to have a system in place for older browsers, and of course it looks like these new browsers will not be available for 26th May. The EU out on a limb, reducing all EU online companies competitiveness is just what we all need in the middle of a now-European / Euro lead depression. Still when did a socialist every worry about industry competitiveness compared with 'uman / workers rights. >:( >:( >:( >:(
-
Its so poorly drafted that depending on how good lawyers are, any dynamic website will be non compliant, or all websites will be compliant. Complete waste of time and money, but guess it stimulates the IT economy, as everyone gets consultants in ::)
Virtually all bu the most basic, static site, uses tracking cookies, as any dynamic site needs to maintain a user's session. It cannot function without this. There is no secure, feasible solution - that's why cookies were invented.
-
I'm guessing OOF uses cookies to track read/unread posts at the minimum, and maybe more items.... so where do we sign to give you the authority to continue ??
:)
-
I'm guessing OOF uses cookies to track read/unread posts at the minimum, and maybe more items.... so where do we sign to give you the authority to continue ??
:)
Only uses a cookie to track who you are. What you are doing and when is stored in other ways, that this pointless legislation does cover :-X
-
Considering that this law came into effect on 26th May 2011 I have seen little evidence of any sites becoming "compliant". I realise that we are in the 12 month grace period but I would have thought that if it was being taken seriously we would have seen examples by now. Of course, it may well be that many sites are already compliant and I just haven't visited them yet. :)
I would guess that this will be enforced as effectively as the DDA is enforced for web sites - i.e. hardly. There may be a token slap on the wrists for some major sites but there just are not the resources available to police it. Even if some users maliciously report sites I would guess that any penalties would very minor and take so long to be enforced they will just die a natural death.
Most internet users just don't give a toss about it, but they might start getting more than a little irritated when they have to complete forms and tick checkboxes every time they visit a site.
-
Considering that this law came into effect on 26th May 2011
Didn't it delayed by a year in the hope that it would evolve into something less nonsensical to allow site owners time to implement it?
-
Considering that this law came into effect on 26th May 2011
Didn't it delayed by a year in the hope that it would evolve into something less nonsensical to allow site owners time to implement it?
No, it became law on 26th May 2011 but a period of grace of one year was allowed for web site owners to implement the changes. So, although no prosecutions would have been made the law was still in place. Of course, the ICO can now reasonably say that web sites have had a year to comply and therefore go after noncompliant sites with gusto!
-
My lad is in the process of building me a basic website for the business.
Nothing flash, just a few details and a little bit of advertiseing for me.
Is this going to affect me in any way ?
Depends if the site uses any cookies and how it uses them.
-
My lad is in the process of building me a basic website for the business.
Nothing flash, just a few details and a little bit of advertiseing for me.
Is this going to affect me in any way ?
Depends if the site uses any cookies and how it uses them.
How would I find out ?
(please note, I know slightly more then break all when it comes to computing :-[)
-
My lad is in the process of building me a basic website for the business.
Nothing flash, just a few details and a little bit of advertiseing for me.
Is this going to affect me in any way ?
Depends if the site uses any cookies and how it uses them.
How would I find out ?
(please note, I know slightly more then break all when it comes to computing :-[)
Accept that any site does use cookies in some form ;)
-
Accept that any site does use cookies in some form ;)
.. which is why the legislation is so daft.
Saying yes to cookies because any site needs at least a session cookie to interact with you properly also opens you up to being tracked by google, @rsebook, idiotter, every ad site going, etc.
Now, if they just required permission for 3rd party / tracking cookies it might be more useful because the site could actually function without you agreeing to get cookied.
Not that most users give a damn. Just had to spend a long evening cleaning up a relatives brand new Win 7 machine which was completely owned due to them just clicking the "yeah, whatever" button every time a UAC notification popped up. ::) Not sure why anyone thinks this cookie thing is going to be any more useful?
Those who do give a damn are already blocking anyone they don't expressly want a cookie from, of course, so why bother at all?
-
Now, if they just required permission for 3rd party / tracking cookies it might be more useful because the site could actually function without you agreeing to get cookied.
That often has legitimate uses as well (and is incredibly easy to work around if use is less than scrupulous). In OOF World, the Shop could potentially use 3rd party session cookies between the shop and the clearing house (PayPal in our case) ;)
-
Now, if they just required permission for 3rd party / tracking cookies it might be more useful because the site could actually function without you agreeing to get cookied.
That often has legitimate uses as well (and is incredibly easy to work around if use is less than scrupulous). In OOF World, the Shop could potentially use 3rd party session cookies between the shop and the clearing house (PayPal in our case) ;)
True.. :-\ But in kicking this can around for a few minutes I think we've already done a better job that the ICO, and who knows how many millions they've thrown at it? ;D