back to article Will UK.gov crack down on itself for missing Cookie Law deadline?

Most government websites will fail to comply with new laws on cookies when the Information Commissioner's Office (ICO) begins formally enforcing them next week, the Cabinet Office has said, according to reports. Websites store cookies on a user's computer, but new EU laws say users should be given the choice whether they consent …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

here's looking at you kid

Is the reg conpliant? In the interest of balance and fairness I think we should be told. :)

1
0
Unhappy

More unwanted stuff on websites

The methods for obtaining user consent can include using 'pop-up' prompts on users' screens that ask for consent to cookies when the individuals access web pages.

What method is to be used to obtain consent to pop-ups? A cookie, maybe?

3
0
Anonymous Coward

Re: More unwanted stuff on websites

'consent' isn't 'prior consent'

http://www.culture.gov.uk/images/publications/cookies_open_letter.pdf

0
0
Anonymous Coward

Re: More unwanted stuff on websites

http://www.youtube.com/watch?v=K4KeRBGmWZs

1
0
Anonymous Coward

Re: More unwanted stuff on websites

see that link at the top right of the DCMS site?

http://www.culture.gov.uk/

that links to a page talking about cookie?

http://www.culture.gov.uk/4902.aspx

Job done

Moving on, nothing to see here (except a crap load of badly worded fuckery from the EU which should have been aimed at browser manufacturers getting them to add better cookie controls but which got sprayed all over the place by accident.

3
0

Re: More unwanted stuff on websites

The best part about that link is how the web developer has worked the word 'Cocks' to sit just beneath the logo.

0
0
Anonymous Coward

EU powering up a money printing machine and no doubt getting a lot more paper pushers employed with this piece of crap law.

Nobody cares except a handful of people with no friends.

2
4
Meh

Will el reg ..

Be compliant on time? Thats all i'm interested in :)

Had the marketing guys quiz us about this the other day as the web team had been hassling for permission, its a royal pain the ass!

1
0
Stop

Behaving like Jonny Foreignor

Glad to see we are taking the same policy towards stupid European legislation as all the other victims of the EU - by basically ignoring it.

3
0
FAIL

So Google Analytics now ok?

From the bottom of the article "However, it has also admitted that it is not likely to take action against website operators that use data analytics cookies, which measure the number of users of websites and how those individuals use them, if those operators have failed to meet the standards for consent for those cookies."

So Google Analytics is now fine. Hang on, wasn't the whole point of this legislation originally meant to be to stop companies like Google knowing everything you do online. Could this be a case where legislation intended to stop practice A only has ended up stopping a bunch of practices other than A?

Why does this not surprise me.

1
1
Silver badge

Re: So Google Analytics now ok?

I think it is more the case of if it includes analytics then you are screwed. Our website runs on a "this has cookies that do this, dont like it then exit now" type approach. The same as tesco, sainsbury etc

0
0
FAIL

Re: So Google Analytics now ok?

That's the brilliant thing about this legislation. no one can say for sure.

The spirit of the law is about tracking and intrusiveness, So if cookies can be used to track you across multiple websites then they are highly intrusive and supposed to be the target of all this fuckwittery.

However Ed Vaizey and now the ICO said "er well we didn't really mean analytics cookies" "so we [i]probably[/i] won't fine you £500,000 for these"

Obviously they fail to realise that a big element of analytics is to see what site a visitor came from necessarily requiring an individual to be tracked across different sites.

It is all a huge fucking mess that if someone in a paid job who was actually accountable for their actions introduced something as vague and fucked up as this they would be sacked and never get a reference.

That's politics for you, you have to stretch incompetency to truly epic proportions to be held accountable for anything.

2
0
FAIL

Re: So Google Analytics now ok?

It gets better the more one thinks about it.. even if your website has third party adverts such as Adsense how can you be spanked for non-complience when you have no control over the code being used in the iframe?

0
0
Silver badge

Re: So Google Analytics now ok?

>>how can you be spanked for non-complience when you have no control over the code being used in the iframe?

To quote from another article:

"But the ICO will consider that websites will be responsible for all cookies on their site: even if the cookies come from third parties – for example from adverts provided by an advertising service. Sites that host advertising need to talk to their advertisers about what cookies the advertisers are serving up and then pass that information onto users.

"It's a complicated chain, I know," said the deputy commissioner, saying that they were in talks with advertising bodies about standards."

So, it's All Your Fault, even when it isn't...

0
0
FAIL

Re: So Google Analytics now ok?

"That's the brilliant thing about this legislation. no one can say for sure."

Ain't that the truth.

I'm really not one of those massive anti-EU nut cases. Really. I don't even read the Daily Mail.

But this is the second time I've been directly effected by a piece of EU legislation, and the second time I cannot believe the utter incompetence of those who wrote it (or the UK government that enacted it without eliminating the idiocy).

WEEE (Waste Electrical and Electronic Equipment) had this ambiguity where it said that it didn't apply to existing products, but it was utterly unclear whether this meant product lines that were already existing, or upgrade components for products that existed already. And there was no way of telling for sure. The official guidance was basically "read our minds and we'll take you to court if you fail." The confusion saw products removed from sale for legal reasons that were clearly compliant under either interpretation - small manufacturers just can't deal with that sort of uncertainty. (anyone dump their early PowerMac G4 computer because cheap CPU upgrades were withdrawn from sale at just the point in its lifecycle when you were looking for one? This was to save the environment...)

As far as cookies go, I suppose in theory I should rewrite the shopping cart so that it doesn't set a cookie until someone adds a product to their cart. And stop using Google Analytics. Bollocks to it quite frankly. I'll put something in the privacy policy and forget about it.

0
0
Bronze badge
Boffin

Session Cookies?

Does any informed person know here if session cookies are exempted? I'm hearing conflicting stories. There is a loophole that says something to the effect that consent is not required if said cookies are necessary for a site's operation, and many sites do rely on session cookies to operate as designed. On the other hand, you could argue that they're not properly designed if there is such a reliance...

1
0

Re: Session Cookies?

It depends on what they are being used for, if it is to hold contents of a shopping cart or provide access to a users personal information these can be considered to be essential to provide a service the user has requested and will be fine.

However if they just store user preferences, then technically you are supposed to get permission to store the cookie, however these are low priority and PROBABLY won't be penalised.

The ICO has also said they will only be investigating a site's use of cookies if they receive a complaint. They are not going to be employing an army of individuals to go around randomly checking every site's use of cookies.

0
0

Re: Session Cookies?

No they are not exempt. The ICO used to claim it's session cookie was essential as they had a form on the site that needed it, and so everyone got it. Now they only use it for the form in question, so they are now actually doing it right. Which wasn't the case a couple of months ago.

0
0

This post has been deleted by its author

Silver badge

Re: Same old, same old

I'm keeping GA cookies as it's essential I know what customers want from our website, it's a free way of keeping the site up to date with customer trends

It's only free to you. It's a third party cookie and unless you have an agreement with the third party that they will comply with your data protection policies that won't fly as you are effectively trading your users' personal data for an analytics services. Anonymising the data by stripping the last octet of the ip address is the way around that.

1
0
Silver badge

Re: Same old, same old

GA is in no way essential to your or any other website. You can find out all the same info by doing your job properly and analysing the logs. Selling your customers to Google is not free.

1
0

This post has been deleted by its author

FAIL

Re: Same old, same old

I suppose I could replace GA with some sort of browser fingerprinting. You can track someone quite effectively with a combination of IP address and the info they pass regarding their user agent. Doesn't leave a pesky cookie that someone can remove, or have any of those annoying first party/third party distinctions that can let people make decisions in their browser options either.

But I won't. I'm going to ignore this idiotic piece of legislation and carry on with Google Analytics. Which sets a first party cookie by the way, and if you suspect Google is using the data to do anything more than provide the site owner with statistics, why don't you sue them for lying in their terms and conditions, and stop bothering the rest of us.

0
0
WTF?

Granularity

I notice the ICO asks for permission for cookies as a whole both those essential for operation of the site AND for those that could possibly be considered highly intrusive (ie GA cookies)

http://www.ico.gov.uk/Global/privacy_statement.aspx

Surely this isn't actually compliant in the spirit of the law. What if I want to allow the essential cookies but not the analytic cookies?

I will be complaining to them on the 26th May I think.

0
0
FAIL

Re: Granularity

Even better try clicking the continue button without ticking the accept cookie box.

This just demonstrates what a complete pile of dogshite the whole thing is. It would be funny if it wasn't real life.

1
0
Holmes

I can't see them enforcing this...

...right after they start enforcing the disability discrimination act for websites.

Which so far as I'm aware they have yet to do.

Oh and that reminds me... must get round to blocking GA.

2
0
Silver badge

must get round to blocking GA

Ghostery + adblock plus.

You will have to turn off ghostery for the new version of the Met office web site. Their new version introduced a few weeks ago won't work unless you are being tracked. The old one was fine

1
0
Anonymous Coward

Re: I can't see them enforcing this...

The DDA stopped in 2010. The relevant law now is the Equality Act. The onus is on affected users to complain. Under the law, there's no government body with a pre-emptive duty to enforce

0
0
Bronze badge
WTF?

Re: Met Office website

Oh, is that the problem? I've been in correspondence with the Met Office about the new site, which doesn't work for me on this Kubuntu machine in Firefox (with ghostery and ad-block), nor yet with Chrome or Konqueror (obviously without ghostery or ad-block, but still working through a privoxy proxy). At no point have they suggested that I need to get myself tracked.

0
0
Silver badge

Re: Met Office website

After I diagnosed it myself - they made no sensible suggestions- I got the following from one Sarah Martin:

Dear Robert

Thank you for your email.

"The Met Office uses Webtrends Analytics to understand how people are using the website and identify areas that can be improved or removed."

This is covered in our cookie policy page: http://www.metoffice.gov.uk/about-us/help/cookies#third-partyy

I hope this helps.

Kind Regards

Sarah

Met Office Customer Feedback

I now use Meteox and Weather Underground which work even when their many trackers are blocked. If you want a blobby forecast instead of doing it youself Weather Online" seem just as good as the met orifice.

1
0
Bronze badge
FAIL

Suspended Sentence

This is a mess. The UK is supposedly bound to enforce this policy. Trying to double guess what is allowed/not allowed is impossible. And most small operators using industry software haven't a clue whether they are spewing legal/illegal cookies or not. The only sensible way forward is for ICO to declare that enforcement (if any) will be in the form of a penalty notice detailing the offending cookies and suspended for, say, 30 days (or 100% discount) if the offending site is sorted.

Then we can rest easily in our beds, let ICO decide how they want to enforce it or not, and then do the necessary. Or nothing. Otherwise this law has the danger of creating much unnecessary work and waste while missing the point of safeguarding both the user and operator.

3
0
Bronze badge

Is this legal?

Many of my sites were created BC (before cookies). We commonly used ServerSide programming to insert markers in the delivered page that could be read when the user pushed a continue link. This is how the first shopping carts worked.

Now because no explicit file is stored on their computer apart from the normal web page - would it be exempt from this law?

Save me trying to sort some old legacy stuff. It would be a major loophole. But then was this legislation ever run past anybody with a grasp of the industry?

0
0

Re: Is this legal?

The law isn't actually reall about cookies. It is the storing of any sort of data client-side (I believe ) that allows the tracking of the user.

It sounds like your code is..

1) an essential part of the service being provided to the user

2) not storing tracking data on the users machine.

So you sound fine to be.

The best thing to do is go to the ICO, read the reams of vague non-technical advice. Read how they may or may not prosecute you on a whim and then come away probably knowing no more than you do now.

0
0

Re: Is this legal?

Clearly nobody who knew anything had any part in the drafting of this legislation. Which is about normal. See.. well.. just about every piece of internet related leglislation ever passed.

1
0

Re: Is this legal?

Sorry about the typos. I introduced my desktop to 250ml of sparkling water last Friday and 20 years of touch typing doesn't really prepare you for a little x61 keyboard. :/

0
0
Silver badge

Re: Is this legal?

>>I introduced my desktop to 250ml of sparkling water last Friday

I take it the desktop didn't like that very much

0
0
Unhappy

Re: Is this legal?

It has not spoken to me since...

1
0
Anonymous Coward

At least non of us have got anything more important to be cocking around with on our sites than this stuff huh

1
0
Anonymous Coward

Having seen the ICO recommendations, we have taken the approach of informing users via privacy policy linked from home page on how the cookies are used - there is no opt out. Its not realistic for the functional parts of the website - if you opted out from the sid cookie we use (for example) you wouldn't have the ability to log in. place items in a shopping cart etc.

The only other cookies used are the __utma, __utmb, __utmc, __utmz for Google Analytics and we have advised our users that they can opt out if they so wish by following Googles own guidance ( http://www.google.com/intl/en/privacypolicy.html ).

Anonymous as I am still currently implementing this on our site...

2
0
Anonymous Coward

People shouldn't have to opt out of tracking

That's the whole bloody point.

0
1

This post has been deleted by its author

FAIL

My suggestion

although it wasn't accepted by the client, was a big box at the top which says.

Cookies are essential for modern websites to work. Get over it [ ] I've got over it.

Once ticked, cookies are permanently enabled for the site.

The whole thing is a complete nonsense. The ONLY sensible solution for this is a browser-based one, with browsers keeping track of what sites you have enabled cookies for or not.

2
0
Thumb Down

Essential for modern websites?

Strange how, when someone like me puts a cookie blocker on their browsers, most things continue to work just fine without them.

Sorry if it spoils your revenue model, but I'm not keeping cookies around just because you think your site needs them. It most likely doesn't.

1
0
FAIL

Re: Essential for modern websites?

As I'm sure you know, some things won't work. Which isn't an issue for you since you are aware of what you've done, what it means, and can make an exception if you need to.

Discuss this with many of my customers, and all you'll do is make them hungry. It would be a problem, but this whole thing is so deeply flawed that I know I can ignore it without any consequences.

0
0

Cookie-free analytics is so hot right now...

If your only cookies relate to Google Analytics, unless you want to trash your website and your visitor tracking with a horrid cookie consent feature (that the majority of visitors will either ignore or deny), then your best bet is to just move to a cookie-free system, and wait for Google to add this as an option on their Analytics.

0
0

It doesn't just relate to cookies. Calling it the cookie law is deceptive because it applies to any data placed on the client's machine by a website for the purposes of identification or tracking. Someone could create a different implementation and call it 'crumbs' but if it stores anything client side for identification or tracking the PECR still apply.

As far as I know Google have been utterly silent on this and since our government is one of only a couple of countries dumb enough to write this into law they may well just ignore it until the whole thing implodes and is forgotten.

1
0
Anonymous Coward

All that's gonna happen now is instead of a small unoffensive, easily removed file if you wear a tin foil hat, file, now all the people needing analytics and tracking will download all the information your browser knows about you and store it in a nosql database for mining!

Gee How great is that!

1
0
h3
Bronze badge

They should levy the maximum fine against everyone they can. (Wipe out the deficit quite a bit). Most of the things I wanted existed on the internet prior everyone turning into greedy scumbags.

If you want to do it then do it properly server side.

If there was a search engine that only allowed content that didn't use ad's or cookies I would definitely use it.

(The content providers who complain about the useless drivel they just get from other sites really irritate me.)

If people want a police state it should apply universally not just to easy targets.

0
1
h3
Bronze badge

Violation of this law is just the same technically as me uploading goatse to peoples machines. Surely it should be covered under not installing files on peoples computers without permission.

(Computer misuse act or whatever).

The thing Google does (did ?) certainly should be a crime to get around the Safari no cookies thing.

Itunes seems to have a habit of doing all sorts of crap in the background of computers.

Facebook itself is more of a problem than the purpotrator of - http://forums.theregister.co.uk/forum/latest/2012/05/17/facebook_account_hacker_jailed/

British culture is a lost cause.

0
0
Big Brother

Follow the herd

The individual is meaningless for the purposes of website analytics and targeted advertising, the movements of a single user whilst of academic interest it is actually the movement of the ' herd ' as whole that influences changes. Tagging every one of them using a cookie, pixel gif, HTML5 storage,Etag and a slew of other methods is just a waste of bandwidth.

Besides, even without cookies chances are good a visitor can still be tracked. https://panopticlick.eff.org/ fess up if tells you your PC is unique!

In closing something else to consider is the Phorm debacle, whilst this was swiftly exterminated by the groundswell of the public at large being outraged its almost identical data collecting twin in the form of services like Cloudlflare have gone largely unnoticed by privacy advocates.

0
0
This topic is closed for new posts.

Forums