back to article Want to avoid another cookie law mess? Talk to EU bods next time

UK businesses should actively involve themselves in the debate over changes to EU law if they want to avoid problems stemming from the way those laws are drafted, an expert has advised. Technology law specialist Luke Scanlon of Pinsent Masons, the law firm behind Out-Law.com, said that businesses can help law makers avoid …

COMMENTS

This topic is closed for new posts.
  1. AndrueC Silver badge
    Joke

    In order to respond to your complaint this organisation needs to store information about you. Will you allow us to do that?

    :D

  2. Silverburn
    FAIL

    Banning "evil" cookies on legit sites = a ton of work

    Evil sites not hosted in EU = completely ignore this, and continue to use "evil" cookies

    Ergo: law penalises the legit orgs and annoyy the user with cookie warnings, while the "evil" sites the law aims to target continue as normal. Joe Bloggs continues to have no idea what cookies are.

    End result? See icon.

  3. Conrad Longmore
    Thumb Down

    But..

    To quote a quote from the article:

    "Neither the UK Government nor the ICO have any power to ignore or change it on their own, however burdensome it may be, so long as the UK remains in the EU and chooses to honour its commitments as an EU member state"

    ..but then hardly any of the other EU member states have bothered to do anything at all, which is the norm. When most other EU countries are told to do something that they don't want to do, they simply don't do it and there never seems to be any sanction against them. Despite UK.gov's constant moaning about EU interference, it is one of the few governments that actually complies with this stuff.

    It *is* a tragic waste of time and effort. Now we just have a load of intrusive on-screen widgets coming up nagging about cookies which you can't always get rid of (especially on a mobile device). And the ICO has better things to do, such as actually enforcing action against REAL criminals who are doing evil things with our personal data..

    1. Dave 15

      Re: But..

      The UK government can ignore or change the law. We are NOT ruled by brussels. It is not necessary for us to draft laws which are far more intrusive than those drafted in other member states.

    2. Potemkine Silver badge
      Holmes

      Re: But..

      " When most other EU countries are told to do something that they don't want to do, they simply don't do it and there never seems to be any sanction against them"

      Never heard about the European Court of Justice, didn't you? Try "the european court of justice condemned " on your favorite search engine, it will give you a hint...

  4. Destroy All Monsters Silver badge
    Facepalm

    Rah!

    "Cookies are small text files that record internet users' online activity."

    If we start off with a bad description of what cookies are, and worse use the loaded words "record" "users" and "activity" in sequence, where do we hope to go from there?

  5. Anonymous Coward
    Anonymous Coward

    Annoying boxes are annoying

    I really don't care if sites store a cookie ... but if only there was a browser setting so those that do can disable or confirm if they want to store them... oh wait.

    #EUFAIL again.

    1. Anonymous Coward
      Anonymous Coward

      Re: Annoying boxes are annoying

      Not only that, I have NoScript running and barely see these cookie prompts because half of them require Javascript to interrupt you. See any support site hosted on custhelp.com for an example (BT e.g.). I wonder where they stand legally.

    2. Anonymous Coward
      Anonymous Coward

      Re: Annoying boxes are annoying

      #youarenotontwitter

  6. Alister

    Wouldn't it be better

    to spend some money and time educating web users about what cookies are used for, instead of trying to impose legislation which penalizes most legitimate site owners and developers, and is completely ignored by most of the companies it was supposed to stop.

    In my experience, talking to lusers, they all have this "Why is some one writing data to /My/ hard drive - it shouldn't be allowed!" attitude which has been fostered by the EU bureaucrats and privacy advocates, despite the fact that the majority of the time it is completely harmless and indeed beneficial to the user.

    What nobody in authority, or average user on the street seems to understand is that the alternative would be for each and every web server on the internet to store each visitor's preferences in some sort of massive database, which, in order to work effectively would have to keep track of IP and MAC addresses, and probably local hostnames, and the logged on user, in order to correctly identify and remember a user's preferences.

    Is that not more of an invasion of privacy, and more likely to be abused, than writing a text file into your user profile?

  7. chrisf1

    More industry input to the EU?

    Hmm. In theory yes the ICO is under UK law that HAS to transpose the EU directives. Without knowing the details of the enforcement clauses and mutual arrangements however normally enforcement process, priorities and resources are up to the individual Member states as that is not a Commission competence (in the legal sense, not the skill sense, though that too as it happens). The Commission and related EU authorities don't get much of a say on domestic prosecution priorities.

    As long as a lack of enforcement wasn't discriminatory or affecting cross border business in particular then there is actually little to prevent very low levels of enforcement of an EU directive transposed into EU law. The trick is not to ask the Commission for a derogation. The UK does tend to 'play fair' and attempt to enforce the law - with good reason as it makes us more influential over all though it does affect our ability to negotiate sometimes.

    As to the issue of companies being more involved in the early stages of EU law the problem is that the EU process is full of ideas that may or may not make it to this stage which can take a decade or more (I first objected to a cookies law something like fifteen years ago when in DTI). Data protection, website accessibility, European accessibility act, any amount of ideas on financial services, standards regulations (those are actually a good update), public procurement (in draft forever it seems) are all alive plus many, many more. Discussion documents are often confidential and interservice consultation makes it very difficult to have confidence any points will be heard. Then add in the tripartite co-decision process of Commission, Council and Parliament - each with their own incentives and agenda. On top of that add in that businesses are often conflicted - many types of business benefit from poor law - erm especially law firms - many would like their domestic market protected over single market benefits and so on.

    It is actually often much easier to talk to the UK gov who can filter, criticise and negotiate with other MSs better and they should have more and better resources prioritised (ie not more resources per se!) to the EU process , especially early Ministerial intervention. Currently laws derived from the EU do not count to the UK Government's deregulation targets and one in one (plus a bit ) process, which is itself rather flaky. That's an invite to not prioritise issues that will then become unavoidable during someone else's tenure in the next parliament.

    Sorry I appear to have ranted - a little more balanced here : http://www.hypothetical.org.uk/?p=81 .

    In general the more simplistic issue is that regulatory affairs is an expensive, highly intensive process that eats into the knowledge base you employ for other matters, whether it be management time or R&D. Organisations like CBI, Intellect and Digital Europe pool resources but that creates a consensus making and administrative burden and the odd conflict of interest again. A very small amount of resource from mostly large multinationals largely pooled with or competing with one another is involved but even then it is very hard to make the business case for even the obvious high impact issues in the EU owing to the very long timescales and slim chances of high impact. A round of applause is deserved by those that have successfully improved many a law from SMEs and individual interventions over and above their day jobs and our officials who wrestle with negotiation fatigue on a perpetual basis.

    Ultimately our law makers in the UK and the EU have given relatively little attention to how to permanently improve the process of making law.

    1. Dave 15

      Re: More industry input to the EU?

      There are of course many problems with this.

      First, why did some previous idiotic bumbling buffoon sign a blank cheque saying we will implement anything they say. The EU could enact a law saying all UK males must be castrated and the first born of each family drowned in the north sea and some paper w****r will copy it into UK law and send the police out to enforce it (as long as they aren't busy doing speed camera duty on the nearest motorway).

      Second, when every other EU state ignores the vast majority of the laws and regulations do we continue to impose them? The French still won't let our beef and lamb in. The 'best value' decisions in other EU countries don't seem to prevent them buying exclusively home produced products with their tax payers money - where as for us it seems to prevent us buying anything made in the UK. The EU says all contracts have to be in the EU Journal, only the British put it in their and don't tip off the local supplier with the details of the contract - everyone else makes sure the local supplier knows and occasionally (only occasionally) publishes the details in the EU journal

      Third, why the hell are we paying year in and year out a bloody fortune for this crap? We can (and would as unsuccessfully) trade with europe from outside this mess and save ourselves a fortune in doing so. If you don't believe me look at Africa, India, China, Russia and the USA - none of those are in the EU and ALL manage to trade comfortably with all states in the EU. We don't get any lower trade barriers or any other benefit from our membership. Geographically leaving will make no difference to our position, economically it will make us better off and more competitive.

      1. chrisf1

        Re: More industry input to the EU?

        @Dave 15

        Well I wasn't around when we joined the EU and the free trade is good (and if you are in EFTA you get the directives without a vote) but to your points (and i'm largely eurosceptic as it happens):

        Firstly the EU can only produce rules within the competencies granted to it by Member states. I think castration might be pushing the social chapter rather. Although the commission has little ability to assess enforcement notification of transposition is compulsory - so no doing that will give rise to a probable fine.

        Second. According to these guys http://beefandlambmatters.blogspot.co.uk/2012/06/british-beef-toast-of-paris.html 'the value of fresh and frozen beef exports to France has also been on an upward curve – worth £12.5 million in the first quarter of 2012' - I'd guess they'd know. The Official Journal of the EU (OJEU) is stuffed with tenders from around the EU - famously the Eiffel tower was painted by a British firm. The UK pioneered the framework or catalogue process to pre-clear a small subset of vendors and then handle call off contracts that may or may not be competitive and may or may not ever be publicised in advance (or ever before the current transparency regime) - but certainly not published in the OJEU. When it looked like that process would be subject to infraction proceedings the UK negotiated for it to be written in to the last procurement directive. Again its the level of compliance that is the issue not black or white. Worth noting that in the UK the full process takes anything up to 18 months, the Netherland's averages around 6 months.

        Three - good question - what happened about reforming the CAP! We do get a voice in making the trade barriers ( or single market in goods as it is otherwise known :) ) whereas everyone still has to comply to get access. Take a look at all the CE markings and ROHS compliance stickers around the world - even in their domestic markets as it is too expensive to run multiple manufacturing lines.

  8. TheCookieCollective

    Reason at last

    There has been a lot of hyperbole about this - and it is good to see a more reasoned approach.

    The EU law was written in 2009 - the time to complain about it was before then. Now it is too late. And whose fault is that? Mostly it is the digital industry itself that failed to engage over growing concerns over privacy.

    Now we have some new data protection laws being drafted which could actually make things even harder for website owners - who of the complainers has even tried to get involved in that debate?

    The cookie law was intended to improve privacy. The way it has been implemented in the UK at least, has not really lived up to this ideal.

    Maybe it is time for our industry to stop moaning, and start asking itself what can be done to improve privacy, comply with the law, without breaking the web that we have.

    It should not be that difficult. Just channel some of that pointless negativity into practical action.

    1. fridaynightsmoke
      Coat

      Re: Reason at last

      ...and it's not our fault you didn't object to the plans for the intergalactic bypass, either.

    2. Anonymous Coward
      Anonymous Coward

      Re: Reason at last

      "Now we have some new data protection laws being drafted which could actually make things even harder for website owners - who of the complainers has even tried to get involved in that debate?"

      To echo fridaynightsmoke's point, what law is this? Can I have a link please to see if it's one I've already heard of or another new law I need to try to keep up with?

      1. TheCookieCollective

        Re: Reason at last

        Google 'New EU Data Protection Regulation' - lots of negotiation going on at the moment between governments and the EU on the wording of this.

        look for 'explicit consent', 'right to be forgotten', right of data portability.

    3. Dave 15

      Re: Reason at last

      Of course there is another way.

      If ALL the sites just agreed not to implement this just what would the government do? Each site argues in court, each site has to be taken to court... the hassle for the legal system would break the system totally.

      Similar applies when we are told we must only use metric weights, or must pay car tax, pay for car parks etc etc it is up to us to show 'democracy' by democratically deciding to tell the thieving and fibbing gits 'in power' who really is in power.

      1. Anthony Cartmell
        FAIL

        Re: Reason at last

        Pretty much ALL UK websites have failed to implement the requirements of this UK law.

        How many websites are there for organisations and individuals based in the UK that use cookies?

        ICO cannot discover the complete list of UK websites that use cookies. It would need to find the intersection of two extremely large sets: websites that use cookies, UK-based website owners.

        It is plainly impossible for ICO to police this law without relying almost entirely on the general public sending in complaints of sites they think don't comply. I'd possibly expect more complaints from the general public about these annoying new popups that have appeared on popular sites...

  9. Anonymous Coward
    Anonymous Coward

    fixed it for you

    Cookies are small text files that are used to spy on internet users

    1. Anonymous Coward
      Anonymous Coward

      Re: fixed it for you

      Umm, I've fixed your fix for you:

      Cookies are small text files that keep you logged into The Register, Yahoo/Google/Live Mail and any other online web service that maintains some form of session or preference.

      1. Richard IV
        Alert

        Re: fixed it for you

        Fixing a fixed fix:

        Cookies are small text files that keep you logged into The Register, Yahoo/Google/Live Mail and some other online web services that maintains some form of session or preference. It doesn't have to be done this way although it is the easiest (it's really a bodge around HTTP being explicitly stateless). They _can_ be used for spying, but the one bit of social good the spies have given to society is using part of the oodles of money they glean from doing so to keep a huge part of the world wide web free to access (as in without charge). Cookieless sessions are perfectly possible, but can be a pain for other reasons.

        1. Anonymous Coward
          Anonymous Coward

          Re: fixed it for you

          "Cookieless sessions are perfectly possible, but can be a pain for other reasons."

          By "maintains some form of session", that was implied as between browser sessions. Obviously the browser can hold a session/authentication token in memory and pass it as a HTTP header, POST data, or heaven forbid a URL parameter to get around the stateless nature of HTTP.

          If however that session is to be maintained between browsing sessions then cookies are required, or you have to depend on a browser that will save the session data itself, which you can't be guaranteed of and would make for an ugly solution.

  10. Anonymous Coward
    Anonymous Coward

    All cookies are blocked. Flash ain't allowed to store LSO's.

    If your website don't want to work because of my choices, tuff for your website.

    I'll take my business to your competitor!

    Done!

    1. Anonymous Coward
      Go

      Goodbye and good luck.

    2. Anonymous Coward
      Anonymous Coward

      Yeah, good luck with that one

      Has anyone else noticed that the mojority of websites have turned this cookie warning in to "if you want to use our site accept whatever cookies we want, otherwise our website won't work for you"?

      So it's become pretty pointless.

      1. Steven Roper

        Re: Yeah, good luck with that one

        "if you want to use our site accept whatever cookies we want, otherwise our website won't work for you"

        Their webmasters have already learned this tactic long ago because of NoScript. The number of sites I've seen that display nothing but an advisory that Javascript is disabled and must be enabled to see the site at all, was increasing long before this cookie issue came up.

        It's all very well to take one's business to a competitor, but when all the competitors do the same thing as well simply because the benefits outweigh the costs, and there's no other way to replicate the required functionality, what are you going to do? Stop going online completely?

        1. Anonymous Coward
          Anonymous Coward

          Re: Yeah, good luck with that one

          "when all the competitors do the same thing "

          Not all!

          It's easy enough to delete all cookies and open new browser sessions.

          It's easy to get around, if you REALLY need to use a particular website.

          Your business loses out, not me. If the board knew, heads would roll.

          1. Anonymous Coward
            Anonymous Coward

            "If the board knew, heads would roll."

            We do know.

            And we also know that users like you make up a tiny minority of our customers, and are extremely unlikely to click on our advertisements (you're probably running an ad blocker too) or buy something that you can download for free anyway.

            You're simply not worth the effort.

            We'd rather create an enjoyable experience for the other 99% of our customers

            1. Anonymous Coward
              Anonymous Coward

              "If the board knew, heads would roll." - continued

              I'd like to add we work very hard to minimise the number and intrusiveness of cookies on our site. I don't expect anyone to believe me though. Flame suit on.

            2. Anonymous Coward
              Anonymous Coward

              "enjoyable experience..."

              Lol. Only since I blokced all cookies and ads has any website started to become even slightly enjoyable.

              And as far as the 'but when all sites wont let you in until you allow cookies/java....where will you go" scenario - at that point some bright spark will say 'hey, what if we we DON'T force cookies/java etc...we'll clean up'. And the rest of you will say 'why didn't we think of that'....of course you could always not piss of your potential customers in the first place....just an idea.

              PS. I look forward to the day when ITV won;t let you watch the second half of a TV program because you went to make a cup of tea during the commercials.....you may start to think like the rest of us when that happens.

              1. Anonymous Coward
                Anonymous Coward

                Re: "enjoyable experience..."

                "Lol. Only since I blokced all cookies and ads has any website started to become even slightly enjoyable."

                Ah yes, because we serve a couple of unobtrusive adverts on our totally free to use website purely to annoy customers. It's not like we have to pay for equipment and staff or anything....

                ".....you may start to think like the rest of us when that happens."

                So, how do the rest of you think then? Please enlighten me about this way of thinking that I'm missing out on, but would allow me to spend 50 hours a week running my totally free to use website with no income at all, and feed my family when I get home? All I'm asking is that for nearly 2000 pages of information you just look at an average of 1.3 unobtrusive 250 x 250 relevant adverts per page. You CHOOSE not to, yet still complain when I use cookies and javascript to provide the experience that the other 99% of our users keep coming back for.

                Really, I don't understand why you feel that you are entitled to get anything you want for free. It'd be a crazy attitude in real life - why is it acceptable on the internet?

                1. Anonymous Coward
                  Anonymous Coward

                  Re: "enjoyable experience..."

                  Anyone want to give their reasoning behind the thumbs downs?

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: "enjoyable experience..."

                    "Anyone want to give their reasoning"

                    I can't speak for anyone else, but in my opinion you may need to work on your customer engagement skills.

                    1. Anonymous Coward
                      Anonymous Coward

                      Re: "enjoyable experience..."

                      The trouble is that I have tried engaging with this type of person many times before, but to me it still seems an odd attitude to think that every website should cater to their exact requirements precisely. Nobody expects that of every shop they visit.

                      If a single person abuses a greasy spoon cafe because they're not a vegetarian organic restaurant and demands that they cater to them, what would you expect the cafe to do? Carry on keeping a guaranteed 99 customers happy, or change the menu to appease 1 customer who may never even visit once the changes have been made, and risk driving the other 99 away? Why should a website stop using javascript, cookies, etc., thereby spoiling it for the many to appease the very few?

                      If a person walks into a newsagent every day, reads all the magazines, and then walks out - is that person really a customer? When the 'customer' is challenged by the shopkeeper they then threaten to take their business elsewhere. What should the newsagent do? What can a website do when it that situation?

                      We try really hard to appeal to as many customers as possible - however we cannot please everyone. Ideally we'd have a site that 100% of people like, but realistically we cannot do that, and we cannot spoil the site for the 99% because of a very vocal minority. It's a compromise. It's easy to complain - a lot harder to come up with a solution. I am always open to ideas, but the people who complain rarely give feedback on what we could sensibly do to improve things.

  11. Gordon Pryra
    FAIL

    "freely given, specific and informed"

    The problem is the word "informed"

    No offense but 90% of the population would fall asleep if you even tried to tell them the basics over a pint, yet alone force them to read some text on a screen they will either press X or shit themselves thinking you have stolen their identity.

    There are far more scary things that the ICO should be looking at.

    Back on topic though, when has the EU ever listerned to anyone who is not covered in cash like the Googles, Microsofts and BTs of the world who can do what they want anyway, flouting laws as they see fit.

    SME's may as well talk to a brick wall for all the good it would do them.

    Yet one more "expert" getting airtime backed off doo doo talk

    1. heyrick Silver badge

      Re: "freely given, specific and informed"

      "There are far more scary things that the ICO should be looking at."

      Yeah - who gets what on a mobile phone (due in part to Google's way f'ked up so-called permissions). Cookies pale into insignificance with an app that gets easy access to your phone number (sort of required if the app needs to suspend activity during a phone call), not to mention the shit that many try to slip under the radar - location, address book, known accounts, blah blah. As I said elsewhere previously, this is a take it or leave it (you can't take an app but tell it NO to accessing address book, for instance); essentially the Android permission system is badly broken almost to the state of encouraging the lifting of data. Gee, there's a surprise...

    2. Anonymous Coward
      Anonymous Coward

      Re: "freely given, specific and informed"

      "when has the EU ever listerned to anyone who is not covered in cash"

      They actually do. The problem is that it can be so frustratingly difficult to know how to get in touch with the right people (something which, granted, companies covered in cash can pay someone else to do). When you do reach them though, and assuming you have something minimally intelligent to say and are able to present it clearly, they do listen. In my experience at least, and yes, I was a bit surprised.

  12. Cannorn
    Go

    If they weren't 100 miles away or I had a Blackhawk

    Me and my Friends just happen to have Ninja kit and can easily make tatical black feather dusters....if someone can loan us a Blackhawk we will call this bluff so hard!!

    Maybe tie him to his char with Duct tape...sorry Ninja tape....then crush a cookie in front of him before tickling him mercilessly...I think that will get the message across...

  13. Huey

    As per the rest

    Me: Erm you do realise that we have an EU no smoking ban.

    Them: Erm sure

    Me: and this is a cafe in Brussels

    Them: so..?

    Me: So you aren't allowed to smoke!

    Them: You English you have to follow the rules don't you.

    Me: That is what they are for.

    Them: Silly English

    1. Jason Bloomberg Silver badge

      Re: Silly English

      The root problem is Britain cannot make up its mind if she wants to be in or out of the European club. Her wanting the advantages but none of the disadvantages shows she's not a team player and others in Europe can plainly see that. In putting self interest above collective interests we end up being side-lined and treated with contempt, our influence neutered.

      Until we shake off our arrogant and supremacist attitudes and obsession with sovereignty we'll never fully be part of the European venture, at one with it. We won't be in, we won't come out, and in our trying to have our cake and eat it we have a complete mess, which we blame Europe for rather than recognising ourselves as the problem.

      On the other hand we do do the right thing; where legislation exists, we will enact it. Though I sometimes think bad legislation is embraced and enforced simply to further anti-European sentiment rather than fight to make it what it should be and government doesn't seem to be adverse in passing the buck for unpopular things it actually supports.

      SNAFU.

    2. electricmonk

      Re: As per the rest

      "...we have an EU no smoking ban..."

      You work for the Daily Mail and ICMFP.

      A fine story, spoilt only by two tiny details: (1) there is no such thing as an "EU [no] smoking ban", and (2) Belgian law allows smoking in cafes - though admittedly it's supposed to be in a separate room from the one where the food and drink are served.

    3. Anonymous Coward
      Anonymous Coward

      Re: As per the rest

      Sorry mate, but as has been pointed out below, sadly there is no such thing as an EU-wide smoking ban. Unfortunately for me as I have to put up with the backwardness of Germanic and former Austro-Hungarian countries in this regard.

      However, if you're going to complain at a minimum you need to get your facts right.

  14. Graham Marsden
    Thumb Up

    Bravo!

    The cookie law is another example of well meaning but completely ignorant Eurocrats trying to pass a law to control something which they don't really have a clue about and then the British Government trying to gold-plate it and tell everyone "this is what you must do because we have to show the rest of the EU how it's done!"

    Meanwhile, of course, much of the rest of the EU is looking at it and thinking "Sod that for a game of soldiers, ignore it if you like", so we end up wasting money whilst they just get on with business as usual.

  15. Sarah Davis
    Coat

    Cookies are vastly under recognised

    some legitimate sites will put put 60 or more cookies on your computer. This is unjustifiable.

    I can appreciate the need for a banking site or a forum or any site where you need to log in my need to leave ONE cookie - this is not a problem for anyone.

    But the fact that most sites leaving more than one cookie do so to spy on you, to steal personal info, such as surfing habits etc, which they then sell without your permission to greedy morons who will use it to try and sell you their crap (it must be crap, as if it were quality it would sell and they wouldn't be so desperate to find any means to increase sales).

    Some sites use the "If you continue to use the site, we'll assume you're happy to accept the cookies anyway." - to which we can 'assume' that the webmaster of the site is a moron with no real knowledge of how to interact with people and so makes huge mis-assumptions as obviously the majority of security aware users are "NOT happy to accept the cookies anyway" and only a moron or conman would 'assume' otherwise.

    Therefore, we are forced to accept compromise, or screen every cookie (which is time consuming, but at least it builds up a blacklist and shows you whether or not a website has integrity and respects it's users or not.

    I'll accept one cookie, any more is really unnecessary and an unacceptable compromise

    1. jonathanb Silver badge

      Re: Cookies are vastly under recognised

      Session cookies to remember that you have logged in are of course perfectly legal. A tick-box option to remember your login details next time you visit is fine as well, though to be sure it is legal you should probably add a short half line explanation that ticking this box will save the login details on your computer. People would chose not to tick this box if for example they were using someone else's computer, or they know that other people use their computer.

      One example I noticed recently which is not OK:

      I visited Staples website to look at some tables. It did not advise me it was depositing cookies on my computer. A little later, I visited the Telegraph website on the same computer. I got their flat-over saying they use cookies and assume I am happy with this unless I say otherwise. On the same page, there were ads for the Staples tables I was looking at earlier.

      This was on a freshly installed computer that I was using for the first time since re-installation. I had been tracked without being given the opportunity to opt-out never mind being asked if I agreed to it. Imagine, if while I was in Tesco, someone came up to me, shoved a leaflet in front of my face, and told me that I was looking at this item in another shop earlier in the day, would I be interested in buying it. This is what these people are doing on the internet. It is not acceptable behaviour.

      1. heyrick Silver badge

        Re: Cookies are vastly under recognised

        @ jonathanb

        El Reg's cookie policy. Explains the El Reg cookies and what they are for, then starts talking about included third-party cookies. I don't mind El Reg remembering me (so I can write crap like this without logging in non-stop), however I do not agree to the use of Google Analytics; because numerous sites use GA so GA is the link able to trace my activities on a number of different locations. When I consent to El Reg, I am not willing to auto-consent to this. Why is it just expected that I will agree to <site> and also to <list-of-random-third-party-sites> as well? These sites should be considered separate entities and need to obtain permission (and not via some opt-out buried away). Anything else is, frankly, pretty much how it was before the cookie law, thus making said law rather pointless.

        That is just not acceptable behaviour, either.

  16. heyrick Silver badge

    It has already been said, but...

    " Cookies are small text files that record internet users' online activity. "

    You'd expect better from a site specialising in IT.

    Oh, and for the people slagging off websites that require cookies, you tell me how you'd like to interact with MediaWiki without having a cookie to log in? Or maybe you'd like to have everything like a forum I know that uses sessions, so every time I use it on my mobile I have to log in each time the signal drops out. Kinda sucks on a car journey...

    1. Loyal Commenter Silver badge
      Joke

      Re: It has already been said, but...

      It totally distracts you from the driving!

    2. Anonymous Coward
      Anonymous Coward

      Re: It has already been said, but...

      Way to miss the point.

      Nobody is slagging off sites who NEED to use cookies. Nobody is saying you should interact with MediaWiki without cookies. What we are saying is that MOST sites do NOT need to put cookies (especially lots of them) on your machine, and the reason for a lot of them is to collect surfing habbits.

      If web designers hadn't abused the use of the cookie in the first place we wouldn't have neede this useless law. But they did - all under the heading of the 'improving the user experience' bullshit.

    3. jonathanb Silver badge

      Re: It has already been said, but...

      Those sorts of cookies are totally legal. The ones that are not legal are the ones that monitor the items you look at in shopping sites, and display adverts for them on your form pages.

  17. Velv
    Megaphone

    If it was a GOVERNMENT agency that was wanting business to track users activity then the businesses would be up in arms alongside the Civil Liberties people.

    But no, it is business that "wants to understand its customers" so that justifies the use of cookies.

    STOP BEING LAZY AND FIND A BETTER SOLUTION - there's a fortune to be made by anyone who can patent, sorry, build a solution that works.

  18. Wonkydonkey

    Cookies aren’t evil, but marketing companies certainly are

    I work in marketing and spend a lot of time analysing data that is only possible to collect by letting people believe that cookies are good.

    With the cookies you allow on your machines I can track every move you make on our site including how you got here.

    But it’s OK it’s all anonymised aggregated data right?

    Not anymore. A lot of companies are now hosting their own web analytics data, similar to what google analytics hosts. And whilst all they have to begin with is an anonymous cookie ID as soon as you sign up for an email or request a catalogue or god forbid buy anything then they can pretty easily link that bit of personally identifiable data to your cookie id and all the previously anonymous browsing data becomes YOUR browsing history.

    Still not bothered?

    What about when I segment the customers into good customers like you and the lookie loo’s. While the lookie loo’s get a nice offer, 20% off maybe, to get them to buy. But you, I know who you are and I know you buy a lot, so you, you get nothing. Maybe I even give you higher prices…

    Upset yet?

    But wait, we’re not done. I can make even more money from you by joining forces with some other data aggregator, by putting their cookies on my site and letting them have all your data, and I can even give them your real name and address as well, then they can see you browsing habits across all the other sites that partner with them. And they’ll love me, because I’ve just turned all that anonymous data they used to have, from 10 other sites that you never identified yourself to, into data about YOU.

    So while my site might use cookies in an unobtrusive way to enhance your browsing experience, how can you be sure I’m not selling everything I know about you on to others?

    So you’ll just block third party cookies right?

    Tough luck, all these cookies are first party cookies as MY web server places them. You can’t block them without breaking the rest of the site and making it unusable.

    Aren’t cookies great and isn’t this law silly.

    P.S. Where I currently work we’re really nice and we would never do any of this!

    1. Wonkydonkey

      Re: Cookies aren’t evil, but marketing companies certainly are

      The marketing companies have already spun it…

      This law was never supposed to be a “cookie law”, it was a privacy law. It was supposed to classify cookies into those you want (login, username, check out) and those that are offensively obtrusive (tracking, changing pricing etc).

      Sites were supposed to inform you about all the cookies and then you could refuse the evil ones but let the site remember your login etc.

      Marketeers span it all into “cookies are great” and all cookies are equal. Even those sites that now comply with the law only give you the option to accept all or none of the cookies. Whereas what you really want is to say, I’d quite like to be able to use the check out, but I don’t want you to track me or sell my data.

      By howling about how silly the law is all you are doing is playing into the marketeers hands. What you should be doing is saying the law isn’t specific enough and howling about what unscrupulous people are doing with your personally identifiable information. Selling it on to even less scrupulous people, that’s what!

      What we need is for the ICO to grow a pair and find some sites that are selling data on and smack them with a big fine.

      The law might be a bit daft but the idea was a noble one.

    2. badmonkey
      Thumb Down

      Re: Cookies aren’t evil, but marketing companies certainly are

      That's nice but a little paranoid?

      Most of these marketing issues are resolved by blocking 3rd party cookies. Sites placing 1st party cookies on behalf of The Evil Marketeers are likely to get caught and their names slandered from here to the BBC, particularly if they are breaching their own privacy policies (which most retailers are eager to see their customers' happy with). Dealing with this is exactly what this idiotic law should in fact be specifically doing, rather than making illegal the normal and accepted operation of most sites on the web.

      1. Wonkydonkey

        Re: Cookies aren’t evil, but marketing companies certainly are

        I’m not sure why you would think that I’m paranoid. In my current role I could be doing all this stuff now. It happens and it happens today. I’m not talking about the future, this is now.

        I frequently get companies trying to get me to take their products which will enable me to link all the online data to the offline data. Technically it’s pretty trivial to do, you just need a lot of storage space, which is now dirt cheap. There are even solutions that display a different phone number to each visitor so you can link the calls back to the browsing data as well. Decent size companies with good marketing and IT departments are doing this today. I would hope they aren’t all flogging the data on, but most companies will monetise whatever they can and If that’s your data so be it. If you ever forgot to untick the “pass your data on to carefully selected partners” then your data has been sold on.

        If you don’t think sites place cookies that aren’t really theirs as first party then check out a few website and see how many are placing the google analytics cookies as first party. You will be surprised.

        The law does have exemptions for cookies which are strictly necessary for the operation of the website (e.g. check out cookies, baskets etc). But no marketing company was prepared to have a website that ran smoothly and gave the user the option not to be tracked and monetised. They all went down the road of “this law is stupid” click here to accept all cookies or our site won’t work.

        I agree with you the law should be trying to stop people pretending cookies are 1st party when they aren’t. But its already been spun as a “silly” law and now this isn’t even being looked at.

  19. anger

    Got better idea for those pop-ups: 'Free cookies for your browser - Accept / Decline'

  20. David Pollard
    Go

    Go, Reg, Go

    Join in with this barefaced protest. And while you are at it remove that horrid black box at the bottom of my screen when I visit this site which will only go away if I lie by agreeing that. "I'm fine with this."

    I know El Reg uses cookies, so do by far the greater proportion of visitors, and my cookie-blocker usually blocks them. So, please, get rid of that annoying notice and treat this stupid imposition by the EU bureaucrats with the contempt it deserves.

  21. This Side Up
    Stop

    Cookies are small text files

    Not on this computer! Cookies are stored as lines of text in a single file per browser.

    When you say "Remember me on this computer?" what you really mean is "Remember me on this browser?".

  22. JonGuildford
    FAIL

    Unfortunately

    Most businesses are too busy doing business to get actively involved in lobbying. A stupid law is a stupid law. If 20 web developers had been asked about this law the stupidity would have become obvious & it wouldn't have gone though. It should be up to the law makers to get out of their office & speak to people & make sure there aren't serious holes in their logic.

  23. dephormation.org.uk
    FAIL

    EC Missed the Point

    The law addresses the symptom not the cause of privacy concerns.

    Its not cookies that should have been outlawed, its the practice of compiling marketing databases of personal information without consent.

    To repeat an analogy; its like banning 'bad' biros to stop cheque fraud, rather than banning cheque fraud.

  24. Ben Norris
    Thumb Down

    Useless MEPs

    Businesses and experts had been saying how rubbish this directive was long before it came into force and their input was completely ignored by the EU and it's useless MEPs. It is not for companies to give more input, it is for the MEPs to actually pay attention to the constituents that they are working for!

  25. Born to Change
    Coat

    There is a point to this.

    It isn't about a little data file, it is about companies asking if they can use your data, and respecting your decision. This is not a new concept, why should websites assume that it doesn't apply to the internet? No one wants to feel that they have been used, even if no harm comes from it.

    My current beef is over cynical sites that parade compliance but strong arm users all the same. Those that say, "if you want to use this site, click that you accept cookies", rather than, "You don't need persistant cookies to use this site but this is what you will miss if you click "no thanks".

    There is a real distinction between practical browser (or server) 'shopping trolly' - type cookies and tracking cookies. This distinction should be reflected in the regulations as this would help website owners understand that there is a point to this.

    The logo has been picked as it looks like someone going through your pockets.

This topic is closed for new posts.

Other stories you might like