In order to respond to your complaint this organisation needs to store information about you. Will you allow us to do that?
UK businesses should actively involve themselves in the debate over changes to EU law if they want to avoid problems stemming from the way those laws are drafted, an expert has advised. Technology law specialist Luke Scanlon of Pinsent Masons, the law firm behind Out-Law.com, said that businesses can help law makers avoid …
In order to respond to your complaint this organisation needs to store information about you. Will you allow us to do that?
Banning "evil" cookies on legit sites = a ton of work
Evil sites not hosted in EU = completely ignore this, and continue to use "evil" cookies
Ergo: law penalises the legit orgs and annoyy the user with cookie warnings, while the "evil" sites the law aims to target continue as normal. Joe Bloggs continues to have no idea what cookies are.
End result? See icon.
To quote a quote from the article:
"Neither the UK Government nor the ICO have any power to ignore or change it on their own, however burdensome it may be, so long as the UK remains in the EU and chooses to honour its commitments as an EU member state"
..but then hardly any of the other EU member states have bothered to do anything at all, which is the norm. When most other EU countries are told to do something that they don't want to do, they simply don't do it and there never seems to be any sanction against them. Despite UK.gov's constant moaning about EU interference, it is one of the few governments that actually complies with this stuff.
It *is* a tragic waste of time and effort. Now we just have a load of intrusive on-screen widgets coming up nagging about cookies which you can't always get rid of (especially on a mobile device). And the ICO has better things to do, such as actually enforcing action against REAL criminals who are doing evil things with our personal data..
The UK government can ignore or change the law. We are NOT ruled by brussels. It is not necessary for us to draft laws which are far more intrusive than those drafted in other member states.
" When most other EU countries are told to do something that they don't want to do, they simply don't do it and there never seems to be any sanction against them"
Never heard about the European Court of Justice, didn't you? Try "the european court of justice condemned " on your favorite search engine, it will give you a hint...
"Cookies are small text files that record internet users' online activity."
If we start off with a bad description of what cookies are, and worse use the loaded words "record" "users" and "activity" in sequence, where do we hope to go from there?
I really don't care if sites store a cookie ... but if only there was a browser setting so those that do can disable or confirm if they want to store them... oh wait.
to spend some money and time educating web users about what cookies are used for, instead of trying to impose legislation which penalizes most legitimate site owners and developers, and is completely ignored by most of the companies it was supposed to stop.
In my experience, talking to lusers, they all have this "Why is some one writing data to /My/ hard drive - it shouldn't be allowed!" attitude which has been fostered by the EU bureaucrats and privacy advocates, despite the fact that the majority of the time it is completely harmless and indeed beneficial to the user.
What nobody in authority, or average user on the street seems to understand is that the alternative would be for each and every web server on the internet to store each visitor's preferences in some sort of massive database, which, in order to work effectively would have to keep track of IP and MAC addresses, and probably local hostnames, and the logged on user, in order to correctly identify and remember a user's preferences.
Is that not more of an invasion of privacy, and more likely to be abused, than writing a text file into your user profile?
Hmm. In theory yes the ICO is under UK law that HAS to transpose the EU directives. Without knowing the details of the enforcement clauses and mutual arrangements however normally enforcement process, priorities and resources are up to the individual Member states as that is not a Commission competence (in the legal sense, not the skill sense, though that too as it happens). The Commission and related EU authorities don't get much of a say on domestic prosecution priorities.
As long as a lack of enforcement wasn't discriminatory or affecting cross border business in particular then there is actually little to prevent very low levels of enforcement of an EU directive transposed into EU law. The trick is not to ask the Commission for a derogation. The UK does tend to 'play fair' and attempt to enforce the law - with good reason as it makes us more influential over all though it does affect our ability to negotiate sometimes.
As to the issue of companies being more involved in the early stages of EU law the problem is that the EU process is full of ideas that may or may not make it to this stage which can take a decade or more (I first objected to a cookies law something like fifteen years ago when in DTI). Data protection, website accessibility, European accessibility act, any amount of ideas on financial services, standards regulations (those are actually a good update), public procurement (in draft forever it seems) are all alive plus many, many more. Discussion documents are often confidential and interservice consultation makes it very difficult to have confidence any points will be heard. Then add in the tripartite co-decision process of Commission, Council and Parliament - each with their own incentives and agenda. On top of that add in that businesses are often conflicted - many types of business benefit from poor law - erm especially law firms - many would like their domestic market protected over single market benefits and so on.
It is actually often much easier to talk to the UK gov who can filter, criticise and negotiate with other MSs better and they should have more and better resources prioritised (ie not more resources per se!) to the EU process , especially early Ministerial intervention. Currently laws derived from the EU do not count to the UK Government's deregulation targets and one in one (plus a bit ) process, which is itself rather flaky. That's an invite to not prioritise issues that will then become unavoidable during someone else's tenure in the next parliament.
Sorry I appear to have ranted - a little more balanced here : http://www.hypothetical.org.uk/?p=81 .
In general the more simplistic issue is that regulatory affairs is an expensive, highly intensive process that eats into the knowledge base you employ for other matters, whether it be management time or R&D. Organisations like CBI, Intellect and Digital Europe pool resources but that creates a consensus making and administrative burden and the odd conflict of interest again. A very small amount of resource from mostly large multinationals largely pooled with or competing with one another is involved but even then it is very hard to make the business case for even the obvious high impact issues in the EU owing to the very long timescales and slim chances of high impact. A round of applause is deserved by those that have successfully improved many a law from SMEs and individual interventions over and above their day jobs and our officials who wrestle with negotiation fatigue on a perpetual basis.
Ultimately our law makers in the UK and the EU have given relatively little attention to how to permanently improve the process of making law.
There are of course many problems with this.
First, why did some previous idiotic bumbling buffoon sign a blank cheque saying we will implement anything they say. The EU could enact a law saying all UK males must be castrated and the first born of each family drowned in the north sea and some paper w****r will copy it into UK law and send the police out to enforce it (as long as they aren't busy doing speed camera duty on the nearest motorway).
Second, when every other EU state ignores the vast majority of the laws and regulations do we continue to impose them? The French still won't let our beef and lamb in. The 'best value' decisions in other EU countries don't seem to prevent them buying exclusively home produced products with their tax payers money - where as for us it seems to prevent us buying anything made in the UK. The EU says all contracts have to be in the EU Journal, only the British put it in their and don't tip off the local supplier with the details of the contract - everyone else makes sure the local supplier knows and occasionally (only occasionally) publishes the details in the EU journal
Third, why the hell are we paying year in and year out a bloody fortune for this crap? We can (and would as unsuccessfully) trade with europe from outside this mess and save ourselves a fortune in doing so. If you don't believe me look at Africa, India, China, Russia and the USA - none of those are in the EU and ALL manage to trade comfortably with all states in the EU. We don't get any lower trade barriers or any other benefit from our membership. Geographically leaving will make no difference to our position, economically it will make us better off and more competitive.
Well I wasn't around when we joined the EU and the free trade is good (and if you are in EFTA you get the directives without a vote) but to your points (and i'm largely eurosceptic as it happens):
Firstly the EU can only produce rules within the competencies granted to it by Member states. I think castration might be pushing the social chapter rather. Although the commission has little ability to assess enforcement notification of transposition is compulsory - so no doing that will give rise to a probable fine.
Second. According to these guys http://beefandlambmatters.blogspot.co.uk/2012/06/british-beef-toast-of-paris.html 'the value of fresh and frozen beef exports to France has also been on an upward curve – worth £12.5 million in the first quarter of 2012' - I'd guess they'd know. The Official Journal of the EU (OJEU) is stuffed with tenders from around the EU - famously the Eiffel tower was painted by a British firm. The UK pioneered the framework or catalogue process to pre-clear a small subset of vendors and then handle call off contracts that may or may not be competitive and may or may not ever be publicised in advance (or ever before the current transparency regime) - but certainly not published in the OJEU. When it looked like that process would be subject to infraction proceedings the UK negotiated for it to be written in to the last procurement directive. Again its the level of compliance that is the issue not black or white. Worth noting that in the UK the full process takes anything up to 18 months, the Netherland's averages around 6 months.
Three - good question - what happened about reforming the CAP! We do get a voice in making the trade barriers ( or single market in goods as it is otherwise known :) ) whereas everyone still has to comply to get access. Take a look at all the CE markings and ROHS compliance stickers around the world - even in their domestic markets as it is too expensive to run multiple manufacturing lines.
There has been a lot of hyperbole about this - and it is good to see a more reasoned approach.
The EU law was written in 2009 - the time to complain about it was before then. Now it is too late. And whose fault is that? Mostly it is the digital industry itself that failed to engage over growing concerns over privacy.
Now we have some new data protection laws being drafted which could actually make things even harder for website owners - who of the complainers has even tried to get involved in that debate?
The cookie law was intended to improve privacy. The way it has been implemented in the UK at least, has not really lived up to this ideal.
Maybe it is time for our industry to stop moaning, and start asking itself what can be done to improve privacy, comply with the law, without breaking the web that we have.
It should not be that difficult. Just channel some of that pointless negativity into practical action.
...and it's not our fault you didn't object to the plans for the intergalactic bypass, either.
"Now we have some new data protection laws being drafted which could actually make things even harder for website owners - who of the complainers has even tried to get involved in that debate?"
To echo fridaynightsmoke's point, what law is this? Can I have a link please to see if it's one I've already heard of or another new law I need to try to keep up with?
Of course there is another way.
If ALL the sites just agreed not to implement this just what would the government do? Each site argues in court, each site has to be taken to court... the hassle for the legal system would break the system totally.
Similar applies when we are told we must only use metric weights, or must pay car tax, pay for car parks etc etc it is up to us to show 'democracy' by democratically deciding to tell the thieving and fibbing gits 'in power' who really is in power.
Pretty much ALL UK websites have failed to implement the requirements of this UK law.
It is plainly impossible for ICO to police this law without relying almost entirely on the general public sending in complaints of sites they think don't comply. I'd possibly expect more complaints from the general public about these annoying new popups that have appeared on popular sites...
Google 'New EU Data Protection Regulation' - lots of negotiation going on at the moment between governments and the EU on the wording of this.
look for 'explicit consent', 'right to be forgotten', right of data portability.
Cookies are small text files that are used to spy on internet users
Umm, I've fixed your fix for you:
Cookies are small text files that keep you logged into The Register, Yahoo/Google/Live Mail and any other online web service that maintains some form of session or preference.
Fixing a fixed fix:
Cookies are small text files that keep you logged into The Register, Yahoo/Google/Live Mail and some other online web services that maintains some form of session or preference. It doesn't have to be done this way although it is the easiest (it's really a bodge around HTTP being explicitly stateless). They _can_ be used for spying, but the one bit of social good the spies have given to society is using part of the oodles of money they glean from doing so to keep a huge part of the world wide web free to access (as in without charge). Cookieless sessions are perfectly possible, but can be a pain for other reasons.
"Cookieless sessions are perfectly possible, but can be a pain for other reasons."
By "maintains some form of session", that was implied as between browser sessions. Obviously the browser can hold a session/authentication token in memory and pass it as a HTTP header, POST data, or heaven forbid a URL parameter to get around the stateless nature of HTTP.
If however that session is to be maintained between browsing sessions then cookies are required, or you have to depend on a browser that will save the session data itself, which you can't be guaranteed of and would make for an ugly solution.
All cookies are blocked. Flash ain't allowed to store LSO's.
If your website don't want to work because of my choices, tuff for your website.
I'll take my business to your competitor!
Goodbye and good luck.
Has anyone else noticed that the mojority of websites have turned this cookie warning in to "if you want to use our site accept whatever cookies we want, otherwise our website won't work for you"?
So it's become pretty pointless.
"if you want to use our site accept whatever cookies we want, otherwise our website won't work for you"
It's all very well to take one's business to a competitor, but when all the competitors do the same thing as well simply because the benefits outweigh the costs, and there's no other way to replicate the required functionality, what are you going to do? Stop going online completely?
"when all the competitors do the same thing "
It's easy enough to delete all cookies and open new browser sessions.
It's easy to get around, if you REALLY need to use a particular website.
Your business loses out, not me. If the board knew, heads would roll.
We do know.
And we also know that users like you make up a tiny minority of our customers, and are extremely unlikely to click on our advertisements (you're probably running an ad blocker too) or buy something that you can download for free anyway.
You're simply not worth the effort.
We'd rather create an enjoyable experience for the other 99% of our customers
I'd like to add we work very hard to minimise the number and intrusiveness of cookies on our site. I don't expect anyone to believe me though. Flame suit on.
Lol. Only since I blokced all cookies and ads has any website started to become even slightly enjoyable.
And as far as the 'but when all sites wont let you in until you allow cookies/java....where will you go" scenario - at that point some bright spark will say 'hey, what if we we DON'T force cookies/java etc...we'll clean up'. And the rest of you will say 'why didn't we think of that'....of course you could always not piss of your potential customers in the first place....just an idea.
PS. I look forward to the day when ITV won;t let you watch the second half of a TV program because you went to make a cup of tea during the commercials.....you may start to think like the rest of us when that happens.
"Lol. Only since I blokced all cookies and ads has any website started to become even slightly enjoyable."
Ah yes, because we serve a couple of unobtrusive adverts on our totally free to use website purely to annoy customers. It's not like we have to pay for equipment and staff or anything....
".....you may start to think like the rest of us when that happens."
Really, I don't understand why you feel that you are entitled to get anything you want for free. It'd be a crazy attitude in real life - why is it acceptable on the internet?
Anyone want to give their reasoning behind the thumbs downs?
"Anyone want to give their reasoning"
I can't speak for anyone else, but in my opinion you may need to work on your customer engagement skills.
The trouble is that I have tried engaging with this type of person many times before, but to me it still seems an odd attitude to think that every website should cater to their exact requirements precisely. Nobody expects that of every shop they visit.
If a person walks into a newsagent every day, reads all the magazines, and then walks out - is that person really a customer? When the 'customer' is challenged by the shopkeeper they then threaten to take their business elsewhere. What should the newsagent do? What can a website do when it that situation?
We try really hard to appeal to as many customers as possible - however we cannot please everyone. Ideally we'd have a site that 100% of people like, but realistically we cannot do that, and we cannot spoil the site for the 99% because of a very vocal minority. It's a compromise. It's easy to complain - a lot harder to come up with a solution. I am always open to ideas, but the people who complain rarely give feedback on what we could sensibly do to improve things.
The problem is the word "informed"
No offense but 90% of the population would fall asleep if you even tried to tell them the basics over a pint, yet alone force them to read some text on a screen they will either press X or shit themselves thinking you have stolen their identity.
There are far more scary things that the ICO should be looking at.
Back on topic though, when has the EU ever listerned to anyone who is not covered in cash like the Googles, Microsofts and BTs of the world who can do what they want anyway, flouting laws as they see fit.
SME's may as well talk to a brick wall for all the good it would do them.
Yet one more "expert" getting airtime backed off doo doo talk
"There are far more scary things that the ICO should be looking at."
Yeah - who gets what on a mobile phone (due in part to Google's way f'ked up so-called permissions). Cookies pale into insignificance with an app that gets easy access to your phone number (sort of required if the app needs to suspend activity during a phone call), not to mention the shit that many try to slip under the radar - location, address book, known accounts, blah blah. As I said elsewhere previously, this is a take it or leave it (you can't take an app but tell it NO to accessing address book, for instance); essentially the Android permission system is badly broken almost to the state of encouraging the lifting of data. Gee, there's a surprise...
"when has the EU ever listerned to anyone who is not covered in cash"
They actually do. The problem is that it can be so frustratingly difficult to know how to get in touch with the right people (something which, granted, companies covered in cash can pay someone else to do). When you do reach them though, and assuming you have something minimally intelligent to say and are able to present it clearly, they do listen. In my experience at least, and yes, I was a bit surprised.
Me and my Friends just happen to have Ninja kit and can easily make tatical black feather dusters....if someone can loan us a Blackhawk we will call this bluff so hard!!
Maybe tie him to his char with Duct tape...sorry Ninja tape....then crush a cookie in front of him before tickling him mercilessly...I think that will get the message across...
Me: Erm you do realise that we have an EU no smoking ban.
Them: Erm sure
Me: and this is a cafe in Brussels
Me: So you aren't allowed to smoke!
Them: You English you have to follow the rules don't you.
Me: That is what they are for.
Them: Silly English
The root problem is Britain cannot make up its mind if she wants to be in or out of the European club. Her wanting the advantages but none of the disadvantages shows she's not a team player and others in Europe can plainly see that. In putting self interest above collective interests we end up being side-lined and treated with contempt, our influence neutered.
Until we shake off our arrogant and supremacist attitudes and obsession with sovereignty we'll never fully be part of the European venture, at one with it. We won't be in, we won't come out, and in our trying to have our cake and eat it we have a complete mess, which we blame Europe for rather than recognising ourselves as the problem.
On the other hand we do do the right thing; where legislation exists, we will enact it. Though I sometimes think bad legislation is embraced and enforced simply to further anti-European sentiment rather than fight to make it what it should be and government doesn't seem to be adverse in passing the buck for unpopular things it actually supports.
"...we have an EU no smoking ban..."
You work for the Daily Mail and ICMFP.
A fine story, spoilt only by two tiny details: (1) there is no such thing as an "EU [no] smoking ban", and (2) Belgian law allows smoking in cafes - though admittedly it's supposed to be in a separate room from the one where the food and drink are served.
Sorry mate, but as has been pointed out below, sadly there is no such thing as an EU-wide smoking ban. Unfortunately for me as I have to put up with the backwardness of Germanic and former Austro-Hungarian countries in this regard.
However, if you're going to complain at a minimum you need to get your facts right.
The cookie law is another example of well meaning but completely ignorant Eurocrats trying to pass a law to control something which they don't really have a clue about and then the British Government trying to gold-plate it and tell everyone "this is what you must do because we have to show the rest of the EU how it's done!"
Meanwhile, of course, much of the rest of the EU is looking at it and thinking "Sod that for a game of soldiers, ignore it if you like", so we end up wasting money whilst they just get on with business as usual.
some legitimate sites will put put 60 or more cookies on your computer. This is unjustifiable.
I can appreciate the need for a banking site or a forum or any site where you need to log in my need to leave ONE cookie - this is not a problem for anyone.
But the fact that most sites leaving more than one cookie do so to spy on you, to steal personal info, such as surfing habits etc, which they then sell without your permission to greedy morons who will use it to try and sell you their crap (it must be crap, as if it were quality it would sell and they wouldn't be so desperate to find any means to increase sales).
Some sites use the "If you continue to use the site, we'll assume you're happy to accept the cookies anyway." - to which we can 'assume' that the webmaster of the site is a moron with no real knowledge of how to interact with people and so makes huge mis-assumptions as obviously the majority of security aware users are "NOT happy to accept the cookies anyway" and only a moron or conman would 'assume' otherwise.
Therefore, we are forced to accept compromise, or screen every cookie (which is time consuming, but at least it builds up a blacklist and shows you whether or not a website has integrity and respects it's users or not.
I'll accept one cookie, any more is really unnecessary and an unacceptable compromise
Session cookies to remember that you have logged in are of course perfectly legal. A tick-box option to remember your login details next time you visit is fine as well, though to be sure it is legal you should probably add a short half line explanation that ticking this box will save the login details on your computer. People would chose not to tick this box if for example they were using someone else's computer, or they know that other people use their computer.
One example I noticed recently which is not OK:
This was on a freshly installed computer that I was using for the first time since re-installation. I had been tracked without being given the opportunity to opt-out never mind being asked if I agreed to it. Imagine, if while I was in Tesco, someone came up to me, shoved a leaflet in front of my face, and told me that I was looking at this item in another shop earlier in the day, would I be interested in buying it. This is what these people are doing on the internet. It is not acceptable behaviour.
That is just not acceptable behaviour, either.
" Cookies are small text files that record internet users' online activity. "
You'd expect better from a site specialising in IT.
Oh, and for the people slagging off websites that require cookies, you tell me how you'd like to interact with MediaWiki without having a cookie to log in? Or maybe you'd like to have everything like a forum I know that uses sessions, so every time I use it on my mobile I have to log in each time the signal drops out. Kinda sucks on a car journey...
It totally distracts you from the driving!
Way to miss the point.
If web designers hadn't abused the use of the cookie in the first place we wouldn't have neede this useless law. But they did - all under the heading of the 'improving the user experience' bullshit.