Amid criticism that hardly any UK government websites comply with the new EU-mandated "Cookie Law" that comes into force on 27 May, the ICO has announced that it will be sending out some letters, and then waiting for people to complain. The ICO will send out 50 letters to the UK's biggest websites over the next few days, its …
I'm waiting to see what the BBC does, then our largest competitor.
Only then will I decide what to do.
The way I see it, if you ask people if they don't want cookies tracked, you're going to have to set a cookie to set that preferencee, otherwise you'll keep asking them the same question. (yes I know you could pass it through URL params, but really???)
Nah, you put a cookie on to say they are willing to be tracked. If the cookie is not there, you ask. That way people get so fed up being questioned they say yes just to shut you up.
Meanwhile I think I'll go check a few guv'mnt websites and complain if they are non-compliant. After all, they should set an example and as far as I can see are the only ones that we can guarantee can be taken to court.
I, too, want to know when the BBC website will ask before placing a uniquely identifying cookie on your computer.
<sarcasm>Well thanks for the clarification</sarcasm>
Another non-clarifying bit of BS from the ICO.
So what now, do we all start reporting every site that does not comply to the ICO and drown them in a bath they filled with their own shit?
Reminds me of Red Dwarf - maybe Rimmer is working at the ICO - "The time for talking is over. Now call it extreme if you like, but I propose we hit it hard, and we hit it fast, with a major, and I mean major, leaflet campaign."
Re: <sarcasm>Well thanks for the clarification</sarcasm>
Yup, this definitely sounds like the work of CLITORIS
Does not compute...
We don't expect all organisations not compliant on the 27th to have some evidence of taking action to be compliant.
Shouldn't that be
We expect all organisations not compliant on the 27th to have some evidence of taking action to be compliant.
@ICO: 'Don't expect torrent of enforcement action'
So no change then for the toothless, witless, useless ICO.
Well, if you have a gripe against a particualr website
Why not complain to the ICO? At least then your grumbling over their uselessness will be based on actual experience.
Meantime, is it too polite to term this whole episode as an omni-shambolic barrel of cluster-fucking monkey-shite?
To be fair to the toothless witless old gits
At least this time the law that they are refusing to implement is a pile of meaningless dogshite
Big brother would watch you but he's just so bored with the endless repeats.
@FatsBrannigan: "Why not complain to the ICO"
You seriously naively believe anything you say to the useless ICO will be listened to?! ... How stupid are you!?! ... The ICO have consistently done fuck all about their endless toothless gross incompetence going back for years, not least of which, their whole appalling apathetic handling of the whole Phorm spying saga. They don't want to listen to people.
Re: How stupid are you!
Nurse, the Ritalin!
Don't expect torrent of enforcement action
Because torrents are evil and The Pirate Bay has been blocked now.
Seems to me as if ...
... the ICO realises that this is a horrible, unworkable piece of legislation and is going to do the minimum it can to enforce it, because it is really embarrassed about it.
Oh what fun!
Just spent a day working on a briefing for clients (though none of them have asked about cookies yet). It's a bit difficult to advise them when the ICO 'clarification' is as clear as mud. None of our clients use 'bad' advertising cookies ... just stats and 'share' cookies ... so it's a complete waste of our time and money, and their's too.
So, I think I'm just going to have some fun ... with a new (annonymous) hotmail account, I'll complain about all our competitors and all the companies with lousy customer service ... especially all the government departments and local authorities ... oh, and quangos too.
Re: Oh what fun!
Hehe - just what the interwebs needs - crap laws enforced by trolls
What if you refuse?
My local NHS trust now has a very clear GoogleAnalytics cookie use message: you have to acccept it or you can't get in.
What if I refuse?
Wish they could get their story straight
This morning analytics cookies were getting a free pass but this afternoon you must ask "users' consent for any cookies the websites are using to track their behaviour". I do think the later is correct but would be nice if I could trust what they're saying.
Either way sounds like all we have to do is show we've thought about the issue and done a cookie audit to escape prosecution. With my webmaster hat on that's great but with my user's hat on that's complete nonsense from a toothless body that should be closed.
If Google was a Chinese firm and the British government wasn't a US subsidiary
No comment would be a reasonable comment.
We send them ours and accept all theirs?
That's what we call a balance of trade?
Outside the EU?
We're based in the UK but all our websites are hosted on servers based in the US. Mainly for cost reasons. Much cheaper to buy things in USD than GBP or EUR - our dedicated servers and AWS bills are testament to that. As it goes about 50% of our customers are in North America as well.
Would this only apply to websites hosted within the EU?
Or does it also apply if you host your website abroad but are an EU-based company?
What if you host your website everywhere, i.e.: cloud, and it could be served from many different zones for any particular request?
I'm not sure they've thought this through.
Re: Outside the EU?
"I'm not sure they've thought this through."
That'd be a shock.
Certainly has to be up there with the dumbest laws in history.
"Plans to wait for user complaints..."
What - like we did with Phorm?
Make the ICO part of OFCOM, since it's just as useless.
Then abolish OFCOM, iaw Cameron's manifesto promise.
Re: "Plans to wait for user complaints..."
Abolishing the ICO would at least make it clear to all that there was no law enforcement of the DPA, PECR, or indeed anything touched by the clowns in Wilmslow [unless you are a public sector body].
If you are a UK company then it applies to you regardless of where your site is actually hosted.
The selective enforcement of laws never fails to bemuse
«The Cookie Law officially came into force last year as part of the EU Privacy Act, but the UK allowed a year-long grace period during which the law was not actually enforced in order for businesses to work towards complying with it. ... We don't expect all organisations not compliant on the 27th to have some evidence of taking action to be compliant.»
Let me see if I understand - UK websites have had one year since this law officially came into effect to prepare themselves, but still this particular law, which is designed to protect users' privacy, will not be enforced. Dare one draw conclusions about the degree of concern for ordinary peoples' privacy - as opposed to, say, the «rights» of copyright holders - which moves Mr Cameron's government to this unusual laxity ? News of the World, redux - or are all laws in the UK «enforced» in this manner ?...
Myself, I use the DoNotTrackPlus add-on (www.abine.com) on Firefox and Chrome in order to stop tracking cookies - how well I succeed is another matter....
What about the Information Commissioner's obligations?
The Information Commissioner is legally obligated to 'promote' good practice among data controllers: 'It shall be the duty of the Commissioner to promote the following of good practice by data controllers and, in particular, so to perform his functions under this Act as to promote the observance of the requirements of this Act by data controllers'.
How does sitting back and waiting for complaints achieve this obligation?
Re: What about the Information Commissioner's obligations?
Easily - you're quoting the Data Protection Act and the cookies under discussion don't contain personal data.
Re: What about the Information Commissioner's obligations?
All data protection legislation falls under the umbrella of the DPA as a data controller has a legal obligation to process personal data in accordance with the eight data principles. Thus, the failure by a data controller to comply with UK or EU regulations will ultimately have an impact on the DPA.
For example, the failure by a data controller to obtain consent prior to sending out electronic marketing - which is required by the PECR2003, which are in turn based on an EU Directive, is also one of the requirements of schedule 2 of the DPA.
Late to the discussion, but...
What is the exact wording of the Google and Facebook exemption?
I ask this because our main concern is use of Google Analytics. If there is an exemption for cookies from Google, then Analytics is in the clear, given that our website does not host the code for analytics, Google hosts it from their servers and so it is a Google signed cookie, hence qualifies for the google exemption?
"If there is an exemption for cookies from Google"
I don't think its an actual "exemption", merely a statement that because Google isn't an EU company it doesn't have to comply with the legislation.
But if *you* are a EU company, then you do -- and surely nobody with a grain of common sense would agree that asking a third party to perform something on your behalf exempts you from your legal obligations. "It wasn't me that run you over on the pedestrian crossing, it was my car" isn't going to be accepted by any court. Similarly, if the code that *calls* some third party code (whether google or otherwise) is on your site, you *ought* to be accepting legal responsibility for what it does and making sure that what it does is legal. Which, quite possibly, means not using it if you cannot be certain.
Equally, I'd disagree that google is not subject to EU jurisdiction. The EU certainly seems to think it is. So why the ICO should think otherwise only goes to question the competence of the ICO.