The Information Commissioner's Office has alerted UK public and private sector organisations that from 25 May 2011 they will need the consent of the users of their websites before setting a cookie or similar information-gathering technology on a site. Amendments to the Privacy and Electronic Communications Regulations will also …
They are utterly irrelevant to every aspect of my life.
Both as a private citizen, hoping for a regulator to protect me from IT industry abuse.
And a web developer concerned to see the reputation of the IT industry enhanced by a competent regulator.
When a web developer welcomes regulation then you know the 'wild frontier' days of the internet are either dead and buried or short numbered (depending on who you talk to)...
We need a trial period for Government users
I think we should have a trial period of a few months, during which anyone browsing from a Government IP address is forced to click through endless warnings about cookies.
They'll soon get fed up with the warnings and degraded experience, and quietly shelve this nonsense.
a trial period of a few months
Sadly the law comes into effect in only a few weeks :-/
in my limited experience....
Government websites are, in themselves, a degraded and degrading experience.
Clicking a few more boxes wont make it much worse but possibly better as I'll do even less of it.
Why is there a persisting belief that the internet and web pages makes for a, generally, 'better' interface between users and suppliers. In some cases it, without doubt, does but in too many cases it is a farce, a PIA and a distraction.
OK, so I don't have a clue, vote me down, but you've read this far....
Principle vs Implementation
"Why is there a persisting belief that the internet and web pages makes for a, generally, 'better' interface between users and suppliers."
Because, generally, suppliers' customer service reps get snippy at answering the same question every five minutes for eight hours straight. And users get annoyed when they have to sit on hold for half an hour only to have a rep get snippy with them for asking that same question. So making a good web site that allows customers to get answers to their common concerns without pointless delays or mindless repetition is a win.
Yes, there are some horrible implementations out there, but implementation failures do not invalidate the underlying principle.
"The Information Commissioner's Office has alerted UK public and private sector organisations"
Well they haven't alerted me. I sill have no idea wtf this legislation means to me, my work and the websites I run. Anyone got a link to a guide to the legislation written in english not legalese?
I think the ICO is running before it can walk.
Start with pocket caculators, guys, and work up from there.
A title is required
If only there was a way to track if a user had already visited a site and given their consent...
This guidance does nothing for the opt-out method where the site will track you based on behavioural analysis and only uses a cookie if you want to opt-out of receiving the targetted ads. In other words, it fully complies with the requirement to notify users if you set a cookie and collects data on you if there's no cookie.
In fact, it's worse than that. Setting the opt-out cookie, or using an add-in like TACO, doesn't actually stop the sites from continuing to collect the data on your browsing habits. It just stops the ads from appearing to you.
This remarkably cunning sleight of hand by the evil genii of web marketing has the unfortunate result of letting people know what surprise gifts or dirty little secrets their significant others are shopping for. I couldn't figure out why I was getting ads for exactly the toys my kids wanted for Christmas last year. Turns out my partner had set the opt-out cookie, but I hadn't. It was still collecting info on the stuff she was searching for, and then serving ads to me for the same stuff.
Two switches in every browser
For many years, every web browser I've used has had various options related to cookies, but the most useful as the one that says "Don't set cookies", "Ask me..." and "Always set cookies".
Slightly more recently most of them have added options to say "Don't set cookies for these domains...".
I did hear that browsers are coming with even more options now to satisfy this law in all it's stupidity, thus getting around the need for web sites to ask permission to set cookies. Of course whether that will satisfy the bods in Brussels is anyone's guess.
An analogy to this might be that they're trying to shut the stable door after the horse has bolted, met another horse (alt gender), raised 4 generations of baby horses and retired to a farm somewhere in Sussex.
That sounds like a worrying newsgroup
"The only exception to this rule is if what you are doing is 'strictly necessary' for a service requested by the user"
I want to use a session variable to track the user id of a logged in user. Session variables are stored against a session ID, this is stored by default by cookie.
Does that count as an exception?
"By clicking 'Log in' you consent to receiving a cookie which will enable stuff to work. To refuse consent, GTFO my lawn and don't log in"