UK cookie law compliance takes effect today
From today the UK's Information Commissioner's Office will begin enforcing the EU's revised ePrivacy Directive that requires website owners to be upfront with their users about the information they collect. The so-called cookie law was implemented on 25 May 2011 by Brussels officials, but getting the legislation transposed …
This topic is closed for new posts.
Yawn...
Another Bloody Stoopid already out of date Law made by a bunch of archaic idiots who couldn't collectively find there own arse-holes with the help of written instructions...
Over-complex
This has not been thought out well. The vast majority of web users will not know what a cookie is and now will be bombarded with these confusing pop-ups. Actually, many of us who DO know what a cookie is will be confused as each website is different and uses them differently.
I also hate the word "cookie". It's one of those things that sounds like an American geek named because he thought it sounded cool, rather than it being a sensible and descriptive name.
Re: Over-complex
"I also hate the word "cookie". It's one of those things that sounds like an American geek named because he thought it sounded cool, rather than it being a sensible and descriptive name."
You're probably right. Just thank your lucky stars it wasn't a British geek or it might be named "bread".
Re: Over-complex
Why 'bread'? I don't get it.
'Biscuit' would be the UK equivalent (even though we do use the term 'cookie' but only for the chocolate-chip /maryland biscuits).
PLUS - if we used 'biscuit' we could have special versions for wireless connections called "air biscuits' - :-)
Note to USians - "Air-biscuit" is a term some people in the UK use for 'fart' - maybe you do too, dunno.
idiocy compounded
I still dont get where the widespread outrage and demand for cookie laws was?!
And typically rather than being a truly free choice, it's simply another checkbox EULA to obtain a service. So, in effect, they've taken a browser option that everyone mostly turns off, and switched it to a server-side option that is inconsistently implemented and difficult to turn off.
Yet everyone is still going to need to accept cookies!
Well done ICO! Now perhaps you can tackle that malware that installs and drops you're dialup connection and reconnects to a premium rate number, now that everyone uses broadband routers.
Or perhaps you can force email providers to spam our inboxes every time we receive some junk mail to warn us that by using their email service we accept we may receive junk email from time to time. In fact don't let us view our inbox till we've clicked OK. Every. Single. Time.
Re: idiocy compounded
It's worse than just a shrink wrapped EULA though because the absense of cookies does not make the kinds of tracking this is meant to avoid impossible at all. (See https://panopticlick.eff.org/ for how many bits of information you're offering everyone)
My problem is those who comply will implement it badly.
Even the register has done it badly:
1) Where is the "No I don't agree, but you have permision for one cookie to remember I don't agree" option?
2) Because of (1) you have litttle choice but to agree on some devices because the info window obsures some of the content.
I expect some sites will deliberatly have problem 2 to such an extent they're completely unusable unless you agree.
Re: My problem is those who comply will implement it badly.
It's also done badly here because the message keeps coming back, every time I visit. I really am "fine with this", you know! Or is this intentional, to show the folly of the legislation? Either way, I shall soon become blind to it or any other warnings of its ilk anywhere else on the web.
Pants
What's stupid about this is that there's no stipulation as to the wording of the warning that is presented to users. So it will end up being some sort of positive vibes "accept cookies to help us make our website better" message to which users will blindly click "yes". Similar to the way everyone blindly clicks "yes" to the 200 pages of terms and conditions when installing software or signing up to a website. Eventually all you will have accomplished is wasting peoples time and money with another layer of beuracracy that the user largely ignores and that is largely unenforceable.
If the warning messages had to describe the purpose of the cookies that were being installed then that would be better. Or break the cookie options down into categories of "required for correct operation of this site" and "other analytics/demographics" etc. Most people would have no problem with cookies if they're just for keeping them logged in. It's the nasty tracking ones that some people don't like.
How is your preference of not accepting cookies stored? I suppose you just provide annoying messages/alerts to badger the user until they click "accept".
Can't wait to see what happens when client-side storage in HTML5 starts being really used for naughtiness!
Re: Pants
"So it will end up being some sort of positive vibes "accept cookies to help us make our website better" message to which users will blindly click "yes"."
I've just visited the ICO website, www.ico.gov.uk. Here's what it says at the top of the page: "The ICO would like to place cookies on your computer to help us make this website better. To find out more about the cookies, see our privacy notice."
Re: Pants
Exactly. If the ICO is attempting to act as a best practice benchmark in the implementation of these new regulations, then that's hugely concerning and just portrays the legislation to be incredibly vague and therefore ultimately useless.
Goodness knows how many applications I've got out there using session cookies that I'll probably have to retrofit for compliance.
EPIC FAIL
http://www.ico.gov.uk/
Click on the privacy policy -
Firefox tells me:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
FAIL!
Re: EPIC FAIL
Seems to work now but still, that's classic FAIL! I am giving them another FAIL point too for having a beige-ish website - what do they think it's the 70s or something! I feel like I'm in an episode of Life up Mars's Arse going to that site!
stupidity
there is no known cure for stupidity and the creators of the regulations definitely need one... alas.
* The site has to store the cookie acceptance in a cookie, itself (baring client cert but in such a case no cookies are necessary either way)
* Most people will read least understand what cookie means, besides the fact they like cookies (I don't but it matters not)
* Sites may just decide to utilize tracking by IP and long keep-alive (i.e. IP+port, i.e. permanent connection)... or URL rewrite. The next time a user arrives on the site, the IP is a good guess +- the interested links, etc... even more sophisticated tracking algorithms
* Back in the day when Netscape invented the cookies they were a neat idea, now they are bastardized to no end - leave the sites a single cookie and only cookie for the originating site and a lot of tracking/privacy would be enforced w/o hampering to a great extend the "web-experience"
http://www.guardian.co.uk/technology/2012/may/26/cookies-law-changed-implied-consent
Cookie safeword
I would rather have a consistence way across all websites and across all browser to deal with this - this is going to get on my tits! I do hope it doesn't become tempting to use a VPN or proxy via another non EU state because of this shit!
I think the whole reason for the ICO's softly, softly fiddle with a monkey approach is that they know it's going to be an epic screw-up all round but they are just not sure exactly how. They do not to me seem like the sort of dudes that can effectively plan what their having for tea let alone the future of the interwebz and personal information in general!
I'm plonking a Paris on this as I actually genuinely think she would have come up with a better solution!
Oh cr#p
Just had that indian tech support centre call.. you know he one
"Hello this is tech support your computer has been infected with cookies"
Just bloody annoying.
Now I have to put up with a stupid banner every time I visit El Reg, and other sites, because some twat in Brussels was told it was a good idea?
Wow, yeah, great, way to save the world Eurocrats. Shouldn't you be, I don't know, trying to find a way out of the economic crisis rather than this bullshit?
The Reg mobile site (as well as reghardware, channelregister) is asking me every time I load a page (Android, Dolphin). Quite annoying.
Oh yes, and while I'm on it, when are you going to fix the "1 comments" bug on the mobile sites?
Boo, no Reg tombstone any more. I hereby withdraw my subscription etc.
I should clarify that I have Dolphin set up to accept cookies by default.
Problem exists between keyboard and chair...
I think we all know what the average user does when (especially security) warning messages appear: "Whatever!" - and click ok, yes, or whatever option provided in order to get to the content/functionality they wanted.
The more warnings they are confronted with, the lesser time they take to read them. Clicking ok becomes a habit.
And that's where the huge door for malicious stuff opens...
Re: Problem exists between keyboard and chair...
Totally agree, and soon someone will come along and exploit it.
It minds me when less tech savvy people realised that you just need to click next to install software, and then they started bundling in toolbars with the software installation.
The amount of PCs I've had to repair for people with dodgy toolbars or unwanted toolbars, just because they didn't read the text before clicking next.
BBC - Non-Compliance - Make an example of them
BBC is deliberately misleading public
claiming a "Strictly necessary" rating
for optional non-core addon services cookies.
See details at - http://www.bbc.co.uk/privacy/cookies/bbc/strictly-necessary.html
NB
That list only provides "Examples of"
rather than a fully explicit listing.
Seriously El Reg
The best you could do is "I'm fine with you setting cookies" ?
Where's the "I don't want any cookies from you thanks" option?
Cookie blocker time.
Re: Seriously El Reg
Simply think of a website like a shop that the shopkeeper owns. The shopkeeper stipulates that you place your wet umbrella in a holding area or if you don't they won't let you enter the shop. The shop keeper owns the shop so can lay the ground rules up to the point where it breaks trade rules of course. (e.g. give me your purse while you shop)
Essentially this law will (like El reg) just make sites tell you to accept cookies OR just not visit the site. 99% of the time people are going to accept the cookie by continuing to browse accepting the El Reg banner near the bottom.
I sort of half half agree in that the idea for the law was good but the implementation is soooooo terrible that it basically now comes down to site owners saying accept my cookies or sod off.
Adsense and Analytics users are going to be stung the most and a lot of the tracking will now be moved server side which no one has any control over. Just to give you an idea, server side tracking can yield pretty accurate tracking since most web browsers give off a lot of information that can be stored server side.
I will essentially do the same with my sites now. Take the cookie or go away based purely on the Google Adsense perspective since removing them would kill the site. Unless of course there is a way to implement adsense to not use cookies and display just random ads.
The implementation should have been left with competent technical people and not the damn monkeys currently running the EU
Facepalm, because thats what EU parliament is like 24/7
It's all bonkers
This cookies directive doesnt solve any problems.
So it's all about privacy, and not wanting your activities tracked online. The problem is that the reputable companies out the track anonymously for the purpose of improving their service,or earning some revenue for the service they provide for free. For example, el reg is provided to us for free, but it costs money to put this sort of service together. Someone has to pay for it.
Now, I doubt the less reputable companies out the are going to change their tactics, so a total fail there.
Secondly, what is it we are worried about? Walk into any shop in the land, and your shopping habits are logged, through epos. It's anonymous, but the shop owner knows how many people bought product x. Also, if the shop keeper wants to keep a tally of the number of customers who look at promotion y, he doesn't ask permission. I high steers up and down the countr footfall is monitored, and have you ever been asked permission?
Just because this is online ,doesn't mean there should be different rules to the real world.
This has just made life harder for small businesses, and done nothing to restrict those who do take advantage of the system.
Total fail.
How long before this happens?
1. Person clicks a link / visits a spoofed site.
2 .Person clicks the I accept the cookie
3. Malware downloads in the background
Also
the ICO site tells me
"You must tick the 'I accept cookies from this site'" if I click continue without ticking the check box
Must I? PAH!
Cookie What Now?
Didn't we go through all this cookie paranoia nonsense in the 90's? And in the 00's?
There's a bloody setting in virtually every browser to stop the menace of cookies. I don't expect people to know the ins and outs of exactly how their browser works, but I do expect them to read the fucking manual.
Reading the manual solves an awful lot of problems. Such as cookies (which seem to be a problem for some people).
Read what FM?
Didn't manuals for software go out back in the 90s? Or maybe earlier?
These days if there's something you need to know I think you Google for it. But you have to know there's something you need to know first... Even then, you'll probably find a description for another version or another platform that's years out of date.
Don't believe the hype
The ICO's claim that they're going to start issuing fines is a joke! They don't take any action under the Privacy and Electronic Communications Regulations 2003, they won't take action against a company for contravening section 11 of the DPA 98 but now they're going to start issues fines for non-compliance of cookie law. If so then it's a travesty!
If they're going to take action at all then they should be prosecuting companies for failing to comply with a section 11 request because this is a for more serious matter. If an individual submits a section 11 request to a particular company then it stops all marketing; including cookie-based targeted adverts
I've submitted two complaints about my bank failing to comply with my section 11 request the ICO have told me that prosecution for this kind of contravention is something they don't want to pursue. But what...they're now going to take action over friggin' cookies?
Please explain the double standards ICO.
www.mindmydata.co.uk
New Definition of Informed Consent at Reg and BBC
"If you continue to use the site, we'll assume you're happy to accept the cookies anyway."
Reg and BBC obviously have a new definition of informed consent!
The relevant item from the ICO guide;
"The Regulations require that users or subscribers consent. Directive 95/46/EC (the Data Protection Directive on which the UK Data Protection Act 1998 (the DPA) is based) defines ‘the data subject’s consent’ as:
‘any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed’.
Consent must involve some form of communication where the individual knowingly indicates "
their acceptance."
Not no action = consent
BUZZZ, TRY AGAIN!
Re: New Definition of Informed Consent at Reg and BBC
Depends, El Reg has made a visually noticeable banner that is more prominent on mobile devices too. They have said if you continue to browse (your action) then you accept the cookies. The no action statement would be if the cookie explanation was in a hidden page and having you browse to it which by then you accepted to cookie unknowingly.
Why put an "I accept button", just tell the person on the next page visit they get a cookie OR tell them to leave your site. The intentional next page visit of the site visitor is an informed consent. Although sites are available for public viewing they are still owned by the site owners so its not your "right" to view the site but a privilege the site owner has given you since they are running it.
Thats the problem with this law. There are so many ways to wiggle out that it becomes totally ineffective and the big name users like Google and Amazon know it. In my opinion if they want a proper cookie law, scap it and start fresh while involving technical minds in the discussion and not their neighbour or family members because they like them.
TL;DR
Your reading the sign and then continuing is an action on your part so can be classed as informed consent.
This topic is closed for new posts.
