back to article UK.gov to miss another deadline on privacy

The UK government will not have its regulatory house in order by 25 May when a new EU law on cookies come into force. At the same time, the Information Commissioner's Office is warning businesses to be ready for the changes, even though the government's own guidelines won't be published until after that date. Under the …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    (untitled)

    How is it an "unnecessary burden"? Surely all they do is to drop the sending of cookies to folks' PCs until they work out how to ask permission. Simples.

  2. Anonymous Coward
    Flame

    If they weren't so busy

    messing with our rights to free speech, they might have hit the deadline.

  3. Anonymous Coward
    Alert

    Flash cookies

    I guess this won't include flash shared objects.

  4. Anonymous Coward
    Anonymous Coward

    Yeah, right.

    "the ICO was concerned that it could also 'cause an unnecessary burden on UK businesses' "

    Woudn't it be a darn sight more accurate to say "We're totally incompetent to even think of dealing with this - just look at the complete balls-up we started with our never-ending inaction over UK ISPS who routinely intercept people's browsing for commercial gain."

    Fuckwits, to a man.

  5. Anonymous Coward
    FAIL

    UK gov stuck in the 20th century

    You can't honestly expect any sort of technological savvy from these people. Even the Department for INNOVATION and Skills is still using IE6!

  6. The Alpha Klutz

    cookies?

    really?

    so you want to censor the internet and log all of our personal correspondence in a government stalkabase, but you CARE about our privacy so you are going to restrict the use of cookies? Wow. *slow clap*.

    Maybe stop this fear mongering about cookies (because that's what it is) and actually EXPLAIN what they are and what they do. Not just spew nonsense like "tracky advert behavioral website file linky download" that only serves to make people confused and frightened. THEN you can work on restricting their use (note: I'm not saying this is necessarily a bad thing)

    Shit a brick.

  7. Anonymous Coward
    WTF?

    "websites that track their users' cookies"

    What does that actually mean?

    It is not clear from the article and I'm damned if I'm reading the whole instrument in order to find out this basic explanation.

    AFAIK, a website only ever has access to the cookie(s) that it creates. There is therefore no mechanism by which a web site can determine the existence of or read the information stored in cookies from other web sites.

    The potential risk to privacy stems from third-party cookies that can allow an ad network (I.e. Google) to track pages that a user visits across large parts of the web.

    Does this or does it not affect every website that employs the use of cookies? Or, as would be more appropriate for the threat, only ad networks that use third-party cookies?

    Is every web site really going to have to ask every anonymous visitor 'is it ok to use cookies?' - to which many will answer 'no', leading them to then complain that the web site or the Internet is broken?

    1. stratofish

      Title

      Cookies are valid below a specified folder on the domain. If you (as a website) ask for it to apply to the root then any other site/app on that domain can read it.

      Ad cookies work by switching to another domain in an iframe so it can set it's own cookies and read them back from another site.

    2. David Hicks
      Black Helicopters

      A website does indeed have access to cookies it creates

      Now think about the average website. That facebook 'like' button is a script brought in from facebook that can set and read cookies, regardless of whether you have a facebook account, they can track you across anywhere with such a button.

      A lot of pages bring in stuff from google-analytics, and that gets to set/read a cookie also.

      And then there are the ad networks, and the bigger ones will have content across millions of sites. Hell, this very 'reply to post' page brings in scripts from doubleclick (google now, I believe).

      So it's not as simple as cookies only being set for the site you're on, it's cookies being set for hundreds of sites you never visited explicitly but were brought in anyway.

      Take a look in your cookie dialogue in your browser. There will be hundreds. This is why I recommend use of the "Cookie Monster" extension with firefox, it lets you control this stuff and switch off third party cookies while allowing the first-party ones you need to make the sites you actually visit work correctly.

  8. Anonymous Coward
    Paris Hilton

    But....

    How do we track users that have selected "no" so that we don't have to keep asking them on every page? Can we store it in the session... or do session cookies still count as cookies? In which case we'll have to just pass the session id along in the url... nice and secure :D

    Paris, because she always gives permission to access her cookies.

    1. David Hicks

      That would be the "do not track" header, surely?

      That the browsers are now putting in place.

      Or you could, you know, not track anyone until/unless they actually log in to your site having clicked through your terms of use. Casual browsers should not be tracked by default.

      Why does everything need a session? And why is it a problem to have a session in the URL for most online activites in which any sort of session security is secondary?

    2. Anonymous Coward
      Anonymous Coward

      sessions use cookies like you said

      which is why I see this as being a complete balls up.

      you can use cookieless URL's but everythings going to have to run through an encoding and/or encryption and its easily broken because how many people never click back or use bookmarks or other browser aids to navigate?

      also that is a fairly major re-write on most sites.

  9. Anonymous Coward
    Anonymous Coward

    a simple competition - find an EU compliant site

    Be the first to find an official EU web site that meets the new directive.

    Easy, isn't it?

    To give you a head start, the official web site for the European Parliament Information Office in the United Kingdom , http://www.europarl.org.uk/, is FAIL. It doesn't ask permission to store cookies. It uses Google Analytics, like everyone else.

    Do sites that have already set cookies have to remove them if you don't opt in? EG HMRC sets a cookie with a 5 year's life time. Can I take HMRC to court for breaking the law at any time between when the government starts enforcing this directive, and 21 Feb 2016 when their cookie expires? (I want some of my tax back!).

  10. Anonymous Coward
    Boffin

    OPP (One page passwords)

    If a user tries to logon to a site and gets presented with "Would you permit this site to store cookies?" how many people are going to say "No" when it may as well read "Would you like this site to function correctly?"

    Unless the types of cookies that are allowed is clarified this is an insane waste of time which nobody will want "protecting" them.

    (Sarcastic icon for the ICO)

    1. David Hicks

      But that's exactly what it needs to say

      An online shop for instance, could not track until someone clicks an "add to cart" button, or a buy button. Then they say "we need cookies to carry on or the site won't work" and the prospective buyer then makes the decision.

      I'm not sure anything more than session cookies are required even then.

      A forum site which remembers the user via cookies could survive with session cookies if it made people log in every time, and be login-free if the user agrees to persistent cookies.

      There are many ways to minimise cookie use, and there are many ways the user can be told (or asked) "cookies or no site for you".

  11. david 63

    Should this even be the business of government?

    The EU seems to be getting itself in a right little tizzy about internet privacy.

    I suppose it is an easy target.

  12. Matteh
    Thumb Down

    well prepared

    http://www.europarl.europa.eu/news/public/default_en.htm

    ^ I see they are well prepared for there own laws...

  13. Hoodlum
    Thumb Up

    @Your Retarded

    Thank you for succinctly summing up the situation. This entire thing could be cleared up by just educating people to block 3rd party cookies.

    Oh, and I'm guessing the username is ironic?

  14. Ian Tresman

    Very poorly thought out

    This is the worst Website law I have seen in a long while, based on a complete misunderstand of cookies and privacy.

    My websites store NO personal information about visitors. On the other hand, a visitor's Browser may store some information in cookies, on their Browser, but it is not personal information, and no private information is involved.

    For example, a cookie called "javascript" may contain the value "true", and be related to the Web site www.example.com. When you visit the site again, rather than go through a relatively length process of detecting whether you have Javascript, it simply checks the cookie for the site, giving your a smoother and quicker visit., But as can be seen, there is no private information stored, and the site www.example.com can not check cookies from other sites.

    I checked through the 3000+ cookies stored by my Browser and found the number that contain personal information, such as my postcode: none. Or contain my telephone number: none. Or my name: 6 sites where I had provided my screen name.

    In other words, there is no privacy issue. And anyone with a modern Browser can block cookies if they wish.

    1. David Hicks

      You're missing the point

      It's not about whether the cookies themselves contain identifiable information.

      It's about tracking. It can be a random number in the cookie itself, but when half the internet brings in something from doubleclick or google-analytics then google and the other ad networks can track your browsing habits and get a good picture of everything you do online.

      Some people have a problem with this.

  15. Anonymous Coward
    Anonymous Coward

    Report EU Websites to the authorities

    We should all report to the authorities, any EU websites that fails its own laws on cookies, starting with the website for the European Union, http://europa.eu

This topic is closed for new posts.

Other stories you might like