back to article UK cookie law compliance takes effect today

From today the UK's Information Commissioner's Office will begin enforcing the EU's revised ePrivacy Directive that requires website owners to be upfront with their users about the information they collect. The so-called cookie law was implemented on 25 May 2011 by Brussels officials, but getting the legislation transposed …

COMMENTS

This topic is closed for new posts.
  1. This post has been deleted by its author

  2. Anonymous Coward
    FAIL

    Why should anyone comply? The ICO is a joke frankly!

    I reported one large UK educational organisation for persistently spamming me despite being asked to stop on five separate occasions (including once in writing). ICO's response was that they couldn't help despite the organisations concerned clearly having no understanding of how to operate and maintain their own database.

    So my guess is that we'll hear of a few high profile cases in the papers of the ICO taking action, but for the rest the ICO will sit around going "not my problem mate".

    1. LarsG
      Facepalm

      Bloody annoying

      Whats worse, the fact that cookies existed or the annoying little pop up boxes that now keep keep appearing telling us cookies are about?

      Someone develop something that erases the little annoying pop ups please.

      1. Fibbles

        Re: Bloody annoying

        As far as I can see, if I don't accept a tracking cookie from a site I'll keep getting pop-ups telling me the site needs my permission to install cookies. Government mandated nagware, great...

        1. Bakunin
          Holmes

          Re: Bloody annoying

          Also annoying is the fact that you accepted cookies is stored ... in a cookie.

          So those of us who expire all cookies when the browser is closed (and have been doing so for years) have to agree every time we return to a site in a new browser session.

          So how long before the "accepted cookies" cookie becomes the standard long term tracking method because it's the one cookie people are least likely to remove because of the annoyance factor?

          1. Dan 55 Silver badge
            Facepalm

            Re: Bloody annoying

            Maybe in the days of Netscape 4/IE 6 'something had to be done' but now every browser under the sun now comes with a reasonable set of cookie controls and if that's not enough there's Do Not Track which appears to be gaining traction and add-ons like ABP/NoScript/RequestPolicy et al...

            This is why politicians shouldn't be allowed to legislate in technical matters. Just because they can't find the cookie options in the preferences dialog it doesn't mean that an area with a population of 400 million people + everyone who visits from outside that area should be badgered with fecking annoying pop ups saying 'ooh, we use a feature of HTTP headers that's been in use for about 15 years, are you really okay with that? By the way, if you can find the cookie controls, see you next time!'

            And so the next popular add-on for browsers will be a technical solution which will identify the 'are you okay with that?' cookie and preserve it while disabling the rest or letting them get wiped when the browser closes.

            1. David Hicks
              Thumb Down

              Re: Bloody annoying

              You, someone that understands technology, may well feel that way. The vast majority of people do not, yet many of them would be upset to find out just how much they are tracked and monitored across the internet.

              There is no need for 90+ % of the cookies that collect in the browser, just take a look at the list that accumulates sometime. Cookies should be reserved for logins, basically. You can do most of the rest with session ids as parameters in a URL. These irritating popups (I have yet to see one) shouldn't be there either, until someone tries to use a function for which cookies are essential.

              I mean, taking el reg as an example, why should anyone need a cookie to read the site? Other than those few of us that log in to make a comment, it seems completely unnecessary and serves to do nothing more than track people, which is unacceptable.

              1. Liam Thom
                Thumb Down

                Re: Bloody annoying

                Session parameters in a URL? Why would you use such a clumbsy tool when you could use an (almost) universally accecpted method of dropping a harmless text file on a user's computer?

                1. David Hicks
                  Thumb Down

                  Re: Bloody annoying

                  @Liam - Why bother with session parameters at all most of the time? Just why are sessions even tracked on most sites? Seriously, unless you are an online shop or an account based service, there's no need, and the negatives of cookies outweigh the positives.

                  I'll say it again - why the hell does a site like el reg need to use cookies unless people want to log in and comment? For the other (larger) part of the user base, there's just no need.

                  @Dan - When 'Do Not Track' is actually respected by the shadier side of the advertising business (i.e. Never) then that's a fine solution. Until then, yes a lot can be done with session ids in URL parameters (which I don't believe went out in the 90s), and in a hell of a lot of cases there's just no need for a cookie in the first place.

                  1. Dan 55 Silver badge

                    @David

                    From the user's point of view nothing can be done with session IDs in the URL as if you delete them by hand they keep coming back and if you share the link with someone else or a search bot crawls your site it's a possible security problem.

                    However properly managing the cookie permissions allow you to reject session IDs on a per site basis if you really want to. Otherwise you can wipe them on exit.

                    The shadier side of the net can track you with flash cookies, DOM storage, local DB, history sniffing and more. They are only going to take advantage of the 'are you okay with this' message to install malware as someone mentioned here. Do you think premium SMS scammers and 070 fraudsters and the like respect the TPS and Ofcom?

                    Far better to push for DNT as in the states (and it's not often I say something like that) than annoy everyone with messages that give the impression that 'cookies are bad, m'kay'.

                    A perfectly good solution to a technical problem (storing state using a stateless protocol) has now been made clumsy to use by clumsy legislation, not just in the UK but across the whole of the EU.

                    1. David Hicks
                      Thumb Down

                      Re: @Dan

                      WHY DO YOU NEED STATE?

                      Why is nobody going to answer this question - why in hell's name does a site like the regneed to bother with state for anyone other than logged in users? Why do 90% of the sites out there set multiple cookies when I'm just passing through to read something?

                      Sure, session ID's could be a security risk if used for sensitive things, nobody's suggesting you can't use cookies where you actually need to, for user accounts and purchasing operations. How many of the sites that set cookies do you think actually use them for this?

                      If I leave my browser unprotected it quickly accumulates hundreds to thousands of cookies of cookies. I but from maybe three sites, and have user accounts at another ten at most. The rest of the cookies are for tracking of various forms and these are what the legislation aims to reduce, an operation which I'm 100% behind.

                      1. Anonymous Coward
                        Anonymous Coward

                        Re: @Dan

                        Trouble is, the legislation is toothless. Look at the BBC site: the important cookies, that is the ones which track you as an individual, are described as "essential" and no opt-out is permitted.

                        Mind you, El Reg isn't any better: "Click the button to accept our cookies. And by not clicking the button, you still accept our cookies". So much for informed "consent".

                        I predict there is now going to be a huge market in new browser add-ons which block all cookies except specific static ones which say you've accepted cookie policies - thus making the whole business of browsing far more tedious than it ever was before.

                    2. David Hicks

                      Re: @David

                      Further to that - one hopes this becomes just another weapon in the arsenal to take down scammers, at least if based in europe.

                      1. Dan 55 Silver badge

                        Re: @David

                        I think El Reg and every other site are perfectly entitled to find out which areas on the page/headlines/stories generate most clicks on their own site. If you don't agree with that then you can disable cookies for that site's domain. In addition many 'top stories now' boxes/tickers/false windows on the page/pretty effects to increase the site's appeal need to store temporary data somehow.

                        There really doesn't need to be a giant warning on every website, it doesn't help the end user in any way.

                        1. David Hicks
                          Stop

                          Re: @David

                          Right, so now we get to the bottom of it, you don't need those cookies. It's not going to break the internet to ditch 99% of them, and you consider yourself entitled to track users activities.

                          Those are (at best) 'nice-to-have' features that allow you to track what goes on with your site, and at worst are precisely the sorts of behvaiours this legislation seeks to make more difficult.

                          I'm glad we've got to the bottom of this - there is no technical reason that most cookies can't be ditched.

                          1. Dan 55 Silver badge
                            Facepalm

                            Re: @David

                            Giving the client a reasonable set of privacy controls allows the user to make decisions, works for both legitimate and dodgy sites, and doesn't make browsing clumsy.

                            Mandating messages on the server side doesn't really allow the user to make decisions (it's just 'we need cookies to work, click here to agree' or some sites like BT will give you server-side cookie controls that really are more transparently covered to the user with client-side controls, and remember if the user is interested enough to find server-side controls then they will certainly have already found the client-side controls which have the advantage of working for every site and being standard for that browser not dependent on the server), only works for legitimate sites, and makes browsing clumsy.

                            Some people like the features I've mentioned. Try and use an AJAX web mail service without them. Just because you miss the days of Mosaic doesn't mean it should be inflicted on everyone by law. If politicians ever hear about the other features I've listed above that dodgy sites could use then we might as well turn off the Internet because browsing is going to turn into a form of masochism.

                            Just because you maintain that the lack of a message might trip up a dodgy site or two doesn't mean that it's necessary to inconvenience the users who use the vast majority of legitimate sites. Do you really think they're going to bring down e.g. The Pirate Bay over this when they've been going for years? What does the directive allow EU governments to do as a sanction for not complying? Fine them (if they can be found). Not take down the site. Not put the owners in prison.

              2. Dan 55 Silver badge
                Thumb Down

                Re: Bloody annoying

                If someone objects to being tracked, there's the Do Not Track option. It could be one of the basic configuration options shown on first run.

                Session IDs in the URL are madness and got dropped by the end of the 90s.

        2. MrXavia
          Thumb Down

          Re: Bloody annoying

          Totally agree with you here, I would rather NOT have a nagware box, but expect sites to track me(making it my responsibility to clear cookies etc), than have the nag box..

          Most sites NEED a cookie to function, and basically that means they have a pretty good get-out clause for that cookie...

          I.E. go to Amazon, no cookie warning, BUT they put a session cookie in, wow, shocking....

          This whole thing about cookie permission is a farce..

        3. Anonymous Coward
          Anonymous Coward

          Re: Bloody annoying

          Like the Reg "The Register uses cookies. Some may have been set already...blah blah blah...If you continue to use the site, we'll assume you're happy to accept the cookies anyway" I delete all cookies when I exit the browser, I set my browser to ask before accepting cookies. So yes, by the time this box pops up I have said ok, so could you please remove that grey bar at the botton of the page without me having to click on it. I mean, its not as though these modern wide screens have an excess of vertical pixels is it.

          Still not as bad as the BBC site which wastes 5+ lines at the top of the page so I have to scroll down to read the content.

      2. Adam T
        FAIL

        Re: Bloody annoying

        Bloody annoying all right; El Reg's cookie pop-up keeps popping up on iPhone despite having already clicked I'm Fine With This every time, and I'm sure it won't be long till this is happening everywhere, and with confusion and uncertainty comes opportunity for mischief.

  3. David 45

    ICO just a figurehead

    I get the impression that the ICO just seems to be only interested in pursuing large companies and organisations in order to create a nice headline splash. I once reported someone that I used to work for as a driver, as he was in the habit of persistently passing on other drivers' personal details to other drivers and third parties without permission. Got pretty well nil response there from the ICO. He also passed on MY details (address, etc.) to one of the notorious, so-called private parking enforcement companies that got on the gravy train, instead of passing the paperwork directly to me to deal with. I reported this also and the ICO said is was OK to do this if the person concerned suspected that there may be follow-up legal action, which sounds distinctly vague and like some sort of get-out to me. Preposterous. Incidentally, I ignored the parking company's threats and allegations and never got any more correspondence from them. Just a try-on.

  4. The Axe
    Mushroom

    Annoying

    I'm already mighty pissed of with the directive causing lots of pop ups on just about every she I visit. Effing irritating. Another nail in the coffin for the eu as people find out how much its laws actually affect them - for no real benefit.

    1. OldBiddie

      Re: Annoying

      Really? Not a single site I regularly visit has had any visibility of asking for cookie permission.

      I get the premise, but stupid EU directives are stupid.

      1. Anonymous John

        Re: Annoying

        Not even El Reg? It's the only compliant site I've seen.

        1. Peter Johnstone

          Re: Annoying

          Yep, el reg and the BBC.

          1. Ilgaz

            Re: Annoying

            The Guardian too.

            1. Anonymous Coward
              Anonymous Coward

              Re: Annoying

              And screwfix as well. (not a dating site)

        2. Anonymous Coward
          Meh

          Re: El Reg is compliant?

          No visible cookie warning on El Reg at all for me.

          The only UK sites I've seen with any cookie info banners are the Graun and the BBC.

          I just checked on another machine (similar OS/browser to this one) and there was nothing on the Graun or the BBC. Not sure why it's showing on some sites and not others.

          1. Anonymous Coward
            Anonymous Coward

            Re: El Reg is compliant?

            it appears at the bottom of the screen on El Reg sites, but I suspect if you've noscripted the site it may not work.

  5. Chris 3

    Does El Reg really think its compliant?

    Interesting attempt by the Reg, but does it actually think that the bottom 'we're using cookies, we presume you're OK with that' banner makes it compliant?

    1. Anonymous Coward
      Anonymous Coward

      Re: Does El Reg really think its compliant?

      The sad thing is I'm guessing that is enough for compliance.

      Although click here to accept cookie, or navigate website and auto-accept cookie is shit. why no don't place cookie? Accept cookie or don't view website, smells like shrink-wrap-eula to me.

      1. Anonymous Coward
        Anonymous Coward

        Re: Does El Reg really think its compliant?

        "Accept cookie or don't view website, smells like shrink-wrap-eula to me."

        Sounds like, for many sites, we'll have a choice: accept tracking, or effectively censor what we see simply on the basis of not wanting to be tracked. Sounds much more appropriate for the Soviet Union.

        Imagine if public libraries were like this. "Yes, you can browse, but some of the books you can only open if you agree to the authors/publishers/distributors/advertisers tracking you." Or bookshops, or newsagents. You get to the till. "Before we sell you this book, you'll need to agree to being tracked. You don't have to agree, but if you do still buy this book, we'll assume that you do agree anyway."

        What next? Compulsory supermarket loyalty cards? Except they won't be compulsory. You just won't be able to buy anything without them.

    2. OldBiddie

      Re: Does El Reg really think its compliant?

      Isn't this the problem? The ICO guidelines are so vague it could be interpreted any number of ways. What is an essential cookie exactly?

      1. Jess--

        Re: Does El Reg really think its compliant?

        an "essential cookie" is one that is required for the functionality of the site, the main generally accepted one is sessionid

    3. David Pollard

      Re: Does El Reg really think its compliant?

      Rather than being motivated by compliance it looks to me as though the new regulations have provided an excuse for a nag banner with the aim of getting more readers to turn off cookie blocking, thus increasing advertising revenue.

      1. This post has been deleted by its author

      2. Anonymous Coward
        Holmes

        Re: Does El Reg really think its compliant?

        The only way to turn the banners off on most sites is to allow a cookie, looking at the scripts some sites run (which I allow), they will put this banner up until you allow them to set cookies. Others like elreg have put it into the html so greasemonkey or something to strip it out. Should be easy enough although some like the bbc are not displaying the banner if I block all their cookies.

    4. heyrick Silver badge
      FAIL

      Re: Does El Reg really think its compliant?

      It is more than that. There is a request from El Reg asking about cookies (with, I note (as do others) no NO option). So, okay, we are nice, we like El Reg, we write comments, so we grant permission to them (and, note, THEM alone) to store cookies.

      El Reg carries advertising. The website is still in breach because the advertisers never asked, never provided an opt-out, and god knows would likely never be granted permission by the masses.

      This legislation is a farce if it thinks El Reg asking counts also for the unknown quantity of unknown advertisers in unknown countries collecting unknown data who neither care about nor are obliged to respect El Reg's privacy policy. Put simply, El Reg (and others) just don't have the moral right to ask this question on behalf of (undisclosed) third parties.

    5. daveeff
      WTF?

      Re: Does El Reg really think its compliant?

      >>provide visitors with sufficient information to make a decision on whether they are happy for a cookie to be placed on their device<<

      Saying we're using cookies covers that? Should say what data and why?

      >> and obtain consent before placing a cookie <<

      der, my browser is set to accept cookies, I could set it not to - I have given consent.

  6. Trev 2

    In essence all you seem to need to do currently is put up a privacy policy and state what cookies are used (including 3rd party ones) and tell people how to block cookies if they want. Or if you're more paranoid, then you could do like www.bt.com at the very bottom of their pages.

    Beyond that it's pretty much a useless piece of legislation and £500,000 fines...yeah right!

  7. Andrew_b65
    Facepalm

    Accept malware

    This site uses cookies. Some may have been set already. Read About Managing our cookies. Please click here to unwittingly accept the installation of malware on your machine under the guise of accepting cookies.

    This is going to be a dream for botnets!

    It will be safer to install a browser extension to automatically accept genuine cookie requests to prevent my 9 & 11 year old users from filing their machine with dross. Are these cookie requests going to be certified?

    Double facepalm.

    1. LarsG
      Mushroom

      Re: Accept malware

      Yes, ' if you are happy with our cookie policy tick here, and if you do not want to accept our cookie policy tick here'......

      Ah Dimitri, we have another mugs details to pick over!

      Once we start to see the headline EXPLOSION IN MALWARE DUE TO NEW COOKIE LEGISLATION we can be sure the law will change again.

  8. Mr Young
    Thumb Up

    I'm scared!

    Is this cookie stuff more frightening than an alligator or tiger or dodgy wee spider? Stuff like that?

  9. Sean Houlihane
    WTF?

    Pop up blocker

    Anyone got an opt-out popup blocker? Why should i need to click some random link?

    1. Mr Young
      Alien

      Re: Pop up blocker

      Try this:-

      http://www.disobey.com/ghostsites/2005/11/fabulous-and-somewhat-sleazy-x10-pop-up.html

  10. David Gosnell

    How this should have been done

    Mandate that all new browsers should have an easy button to click to list all cookies in use on a given site, their contents, expiry terms, and (if technically feasible) a description of what they are. Whilst I'm as much against evil ad networks as the next guy, ultimately this is locally stored information, over which the user must take some personal responsibility and accountability - but mandating some simple tools that would work for all websites would sound better to me.

    Typically with these things, it's going to take some (expensive) test cases before anyone really knows for sure what the ICO wants or is trying to get out of this.

    1. Destroy All Monsters Silver badge
      FAIL

      Re: How this should *really* have been done

      Kick out the people and Euro Parliamentarian Fogies and hand the the saved tax feeder sustenance back to the civvies.

    2. Gaz Davidson

      Re: How this should have been done

      Better than this, just mandate a cookie policy being listed on a privacy page and force people to support the x-do-not-track header. Anything else is already covered by the Data Protection Act.

      Now every site in the UK is going to have these annoying popup bars and companies will just move their e-commerce elsewhere.

      1. streaky Silver badge
        Facepalm

        @Gaz Davidson

        *Better than that*

        Every browser should have a tool for managing cookies...

        Oh no wait.

        Not just me or has the EU actually broken the internet with it's obtrusive popups - and likely broken accessibility too (which would put any site that fancies complying with this law in breech of other law)? Hey lets take a div and ram some content into it with what is in effect a legal notice. Yeah great plan that'll work.

        Maybe if they EU had bothered to model the solution they might have noticed the fact that they were fecking everything up. Thumbs up if like me you have sites and no intention of complying even if it ends up in court.

    3. Kynth
      Pint

      Re: How this should have been done

      I use the "Edit This Cookie" extension in Chrome for this very purpose - great when debugging.

  11. Anonymous Coward
    Megaphone

    Yawn...

    Another Bloody Stoopid already out of date Law made by a bunch of archaic idiots who couldn't collectively find there own arse-holes with the help of written instructions...

  12. Paul 135
    FAIL

    Over-complex

    This has not been thought out well. The vast majority of web users will not know what a cookie is and now will be bombarded with these confusing pop-ups. Actually, many of us who DO know what a cookie is will be confused as each website is different and uses them differently.

    I also hate the word "cookie". It's one of those things that sounds like an American geek named because he thought it sounded cool, rather than it being a sensible and descriptive name.

    1. John Brown (no body) Silver badge
      Joke

      Re: Over-complex

      "I also hate the word "cookie". It's one of those things that sounds like an American geek named because he thought it sounded cool, rather than it being a sensible and descriptive name."

      You're probably right. Just thank your lucky stars it wasn't a British geek or it might be named "bread".

      1. Anonymous Coward
        Anonymous Coward

        Re: Over-complex

        Why 'bread'? I don't get it.

        'Biscuit' would be the UK equivalent (even though we do use the term 'cookie' but only for the chocolate-chip /maryland biscuits).

        PLUS - if we used 'biscuit' we could have special versions for wireless connections called "air biscuits' - :-)

        Note to USians - "Air-biscuit" is a term some people in the UK use for 'fart' - maybe you do too, dunno.

  13. This post has been deleted by its author

  14. Keep Refrigerated
    FAIL

    idiocy compounded

    I still dont get where the widespread outrage and demand for cookie laws was?!

    And typically rather than being a truly free choice, it's simply another checkbox EULA to obtain a service. So, in effect, they've taken a browser option that everyone mostly turns off, and switched it to a server-side option that is inconsistently implemented and difficult to turn off.

    Yet everyone is still going to need to accept cookies!

    Well done ICO! Now perhaps you can tackle that malware that installs and drops you're dialup connection and reconnects to a premium rate number, now that everyone uses broadband routers.

    Or perhaps you can force email providers to spam our inboxes every time we receive some junk mail to warn us that by using their email service we accept we may receive junk email from time to time. In fact don't let us view our inbox till we've clicked OK. Every. Single. Time.

    1. Anonymous Coward
      Anonymous Coward

      Re: idiocy compounded

      It's worse than just a shrink wrapped EULA though because the absense of cookies does not make the kinds of tracking this is meant to avoid impossible at all. (See https://panopticlick.eff.org/ for how many bits of information you're offering everyone)

  15. stucs201

    My problem is those who comply will implement it badly.

    Even the register has done it badly:

    1) Where is the "No I don't agree, but you have permision for one cookie to remember I don't agree" option?

    2) Because of (1) you have litttle choice but to agree on some devices because the info window obsures some of the content.

    I expect some sites will deliberatly have problem 2 to such an extent they're completely unusable unless you agree.

    1. David Gosnell

      Re: My problem is those who comply will implement it badly.

      It's also done badly here because the message keeps coming back, every time I visit. I really am "fine with this", you know! Or is this intentional, to show the folly of the legislation? Either way, I shall soon become blind to it or any other warnings of its ilk anywhere else on the web.

  16. batfastad
    FAIL

    Pants

    What's stupid about this is that there's no stipulation as to the wording of the warning that is presented to users. So it will end up being some sort of positive vibes "accept cookies to help us make our website better" message to which users will blindly click "yes". Similar to the way everyone blindly clicks "yes" to the 200 pages of terms and conditions when installing software or signing up to a website. Eventually all you will have accomplished is wasting peoples time and money with another layer of beuracracy that the user largely ignores and that is largely unenforceable.

    If the warning messages had to describe the purpose of the cookies that were being installed then that would be better. Or break the cookie options down into categories of "required for correct operation of this site" and "other analytics/demographics" etc. Most people would have no problem with cookies if they're just for keeping them logged in. It's the nasty tracking ones that some people don't like.

    How is your preference of not accepting cookies stored? I suppose you just provide annoying messages/alerts to badger the user until they click "accept".

    Can't wait to see what happens when client-side storage in HTML5 starts being really used for naughtiness!

    1. Anonymous Coward
      Anonymous Coward

      Re: Pants

      "So it will end up being some sort of positive vibes "accept cookies to help us make our website better" message to which users will blindly click "yes"."

      I've just visited the ICO website, www.ico.gov.uk. Here's what it says at the top of the page: "The ICO would like to place cookies on your computer to help us make this website better. To find out more about the cookies, see our privacy notice."

      1. batfastad
        FAIL

        Re: Pants

        Exactly. If the ICO is attempting to act as a best practice benchmark in the implementation of these new regulations, then that's hugely concerning and just portrays the legislation to be incredibly vague and therefore ultimately useless.

        Goodness knows how many applications I've got out there using session cookies that I'll probably have to retrofit for compliance.

  17. Pomgolian
    Facepalm

    EPIC FAIL

    http://www.ico.gov.uk/

    Click on the privacy policy -

    Firefox tells me:

    The page isn't redirecting properly

    Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

    This problem can sometimes be caused by disabling or refusing to accept cookies.

    FAIL!

    1. LinkOfHyrule
      Happy

      Re: EPIC FAIL

      Seems to work now but still, that's classic FAIL! I am giving them another FAIL point too for having a beige-ish website - what do they think it's the 70s or something! I feel like I'm in an episode of Life up Mars's Arse going to that site!

  18. stanimir

    stupidity

    there is no known cure for stupidity and the creators of the regulations definitely need one... alas.

    * The site has to store the cookie acceptance in a cookie, itself (baring client cert but in such a case no cookies are necessary either way)

    * Most people will read least understand what cookie means, besides the fact they like cookies (I don't but it matters not)

    * Sites may just decide to utilize tracking by IP and long keep-alive (i.e. IP+port, i.e. permanent connection)... or URL rewrite. The next time a user arrives on the site, the IP is a good guess +- the interested links, etc... even more sophisticated tracking algorithms

    * Back in the day when Netscape invented the cookies they were a neat idea, now they are bastardized to no end - leave the sites a single cookie and only cookie for the originating site and a lot of tracking/privacy would be enforced w/o hampering to a great extend the "web-experience"

  19. Anonymous Coward
    Anonymous Coward

    http://www.guardian.co.uk/technology/2012/may/26/cookies-law-changed-implied-consent

  20. LinkOfHyrule
    Paris Hilton

    Cookie safeword

    I would rather have a consistence way across all websites and across all browser to deal with this - this is going to get on my tits! I do hope it doesn't become tempting to use a VPN or proxy via another non EU state because of this shit!

    I think the whole reason for the ICO's softly, softly fiddle with a monkey approach is that they know it's going to be an epic screw-up all round but they are just not sure exactly how. They do not to me seem like the sort of dudes that can effectively plan what their having for tea let alone the future of the interwebz and personal information in general!

    I'm plonking a Paris on this as I actually genuinely think she would have come up with a better solution!

  21. jon 72
    Devil

    Oh cr#p

    Just had that indian tech support centre call.. you know he one

    "Hello this is tech support your computer has been infected with cookies"

  22. Cameron Colley

    Just bloody annoying.

    Now I have to put up with a stupid banner every time I visit El Reg, and other sites, because some twat in Brussels was told it was a good idea?

    Wow, yeah, great, way to save the world Eurocrats. Shouldn't you be, I don't know, trying to find a way out of the economic crisis rather than this bullshit?

  23. DF118
    Alert

    The Reg mobile site (as well as reghardware, channelregister) is asking me every time I load a page (Android, Dolphin). Quite annoying.

    Oh yes, and while I'm on it, when are you going to fix the "1 comments" bug on the mobile sites?

    Boo, no Reg tombstone any more. I hereby withdraw my subscription etc.

    1. DF118

      I should clarify that I have Dolphin set up to accept cookies by default.

  24. sysconfig
    Pirate

    Problem exists between keyboard and chair...

    I think we all know what the average user does when (especially security) warning messages appear: "Whatever!" - and click ok, yes, or whatever option provided in order to get to the content/functionality they wanted.

    The more warnings they are confronted with, the lesser time they take to read them. Clicking ok becomes a habit.

    And that's where the huge door for malicious stuff opens...

    1. Dog Faced Boy

      Re: Problem exists between keyboard and chair...

      Totally agree, and soon someone will come along and exploit it.

      It minds me when less tech savvy people realised that you just need to click next to install software, and then they started bundling in toolbars with the software installation.

      The amount of PCs I've had to repair for people with dodgy toolbars or unwanted toolbars, just because they didn't read the text before clicking next.

  25. Anonymous Coward
    Anonymous Coward

    BBC - Non-Compliance - Make an example of them

    BBC is deliberately misleading public

    claiming a "Strictly necessary" rating

    for optional non-core addon services cookies.

    See details at - http://www.bbc.co.uk/privacy/cookies/bbc/strictly-necessary.html

    NB

    That list only provides "Examples of"

    rather than a fully explicit listing.

  26. Pete 25

    Seriously El Reg

    The best you could do is "I'm fine with you setting cookies" ?

    Where's the "I don't want any cookies from you thanks" option?

    Cookie blocker time.

    1. Sir Alien
      Facepalm

      Re: Seriously El Reg

      Simply think of a website like a shop that the shopkeeper owns. The shopkeeper stipulates that you place your wet umbrella in a holding area or if you don't they won't let you enter the shop. The shop keeper owns the shop so can lay the ground rules up to the point where it breaks trade rules of course. (e.g. give me your purse while you shop)

      Essentially this law will (like El reg) just make sites tell you to accept cookies OR just not visit the site. 99% of the time people are going to accept the cookie by continuing to browse accepting the El Reg banner near the bottom.

      I sort of half half agree in that the idea for the law was good but the implementation is soooooo terrible that it basically now comes down to site owners saying accept my cookies or sod off.

      Adsense and Analytics users are going to be stung the most and a lot of the tracking will now be moved server side which no one has any control over. Just to give you an idea, server side tracking can yield pretty accurate tracking since most web browsers give off a lot of information that can be stored server side.

      I will essentially do the same with my sites now. Take the cookie or go away based purely on the Google Adsense perspective since removing them would kill the site. Unless of course there is a way to implement adsense to not use cookies and display just random ads.

      The implementation should have been left with competent technical people and not the damn monkeys currently running the EU

      Facepalm, because thats what EU parliament is like 24/7

  27. Tatsky
    FAIL

    It's all bonkers

    This cookies directive doesnt solve any problems.

    So it's all about privacy, and not wanting your activities tracked online. The problem is that the reputable companies out the track anonymously for the purpose of improving their service,or earning some revenue for the service they provide for free. For example, el reg is provided to us for free, but it costs money to put this sort of service together. Someone has to pay for it.

    Now, I doubt the less reputable companies out the are going to change their tactics, so a total fail there.

    Secondly, what is it we are worried about? Walk into any shop in the land, and your shopping habits are logged, through epos. It's anonymous, but the shop owner knows how many people bought product x. Also, if the shop keeper wants to keep a tally of the number of customers who look at promotion y, he doesn't ask permission. I high steers up and down the countr footfall is monitored, and have you ever been asked permission?

    Just because this is online ,doesn't mean there should be different rules to the real world.

    This has just made life harder for small businesses, and done nothing to restrict those who do take advantage of the system.

    Total fail.

  28. ukgnome
    Pirate

    How long before this happens?

    1. Person clicks a link / visits a spoofed site.

    2 .Person clicks the I accept the cookie

    3. Malware downloads in the background

  29. ukgnome
    Trollface

    Also

    the ICO site tells me

    "You must tick the 'I accept cookies from this site'" if I click continue without ticking the check box

    Must I? PAH!

  30. Crisp Silver badge
    Flame

    Cookie What Now?

    Didn't we go through all this cookie paranoia nonsense in the 90's? And in the 00's?

    There's a bloody setting in virtually every browser to stop the menace of cookies. I don't expect people to know the ins and outs of exactly how their browser works, but I do expect them to read the fucking manual.

    Reading the manual solves an awful lot of problems. Such as cookies (which seem to be a problem for some people).

    1. Anonymous Coward
      Anonymous Coward

      Read what FM?

      Didn't manuals for software go out back in the 90s? Or maybe earlier?

      These days if there's something you need to know I think you Google for it. But you have to know there's something you need to know first... Even then, you'll probably find a description for another version or another platform that's years out of date.

  31. Derichleau
    FAIL

    Don't believe the hype

    The ICO's claim that they're going to start issuing fines is a joke! They don't take any action under the Privacy and Electronic Communications Regulations 2003, they won't take action against a company for contravening section 11 of the DPA 98 but now they're going to start issues fines for non-compliance of cookie law. If so then it's a travesty!

    If they're going to take action at all then they should be prosecuting companies for failing to comply with a section 11 request because this is a for more serious matter. If an individual submits a section 11 request to a particular company then it stops all marketing; including cookie-based targeted adverts

    I've submitted two complaints about my bank failing to comply with my section 11 request the ICO have told me that prosecution for this kind of contravention is something they don't want to pursue. But what...they're now going to take action over friggin' cookies?

    Please explain the double standards ICO.

    www.mindmydata.co.uk

  32. despairing citizen
    FAIL

    New Definition of Informed Consent at Reg and BBC

    "If you continue to use the site, we'll assume you're happy to accept the cookies anyway."

    Reg and BBC obviously have a new definition of informed consent!

    The relevant item from the ICO guide;

    "The Regulations require that users or subscribers consent. Directive 95/46/EC (the Data Protection Directive on which the UK Data Protection Act 1998 (the DPA) is based) defines ‘the data subject’s consent’ as:

    ‘any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed’.

    Consent must involve some form of communication where the individual knowingly indicates "

    their acceptance."

    Not no action = consent

    BUZZZ, TRY AGAIN!

    1. Sir Alien
      Facepalm

      Re: New Definition of Informed Consent at Reg and BBC

      Depends, El Reg has made a visually noticeable banner that is more prominent on mobile devices too. They have said if you continue to browse (your action) then you accept the cookies. The no action statement would be if the cookie explanation was in a hidden page and having you browse to it which by then you accepted to cookie unknowingly.

      Why put an "I accept button", just tell the person on the next page visit they get a cookie OR tell them to leave your site. The intentional next page visit of the site visitor is an informed consent. Although sites are available for public viewing they are still owned by the site owners so its not your "right" to view the site but a privilege the site owner has given you since they are running it.

      Thats the problem with this law. There are so many ways to wiggle out that it becomes totally ineffective and the big name users like Google and Amazon know it. In my opinion if they want a proper cookie law, scap it and start fresh while involving technical minds in the discussion and not their neighbour or family members because they like them.

      TL;DR

      Your reading the sign and then continuing is an action on your part so can be classed as informed consent.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019