21 replies to this topic

[Jimmy0]

http://www.ico.gov.u...de/cookies.aspx

Is anyone actually aware of the new law coming into effect on 26th May 2012? It basically states that if your website uses cookies to store information on a users PC, you must gain their consent to storing the cookies before doing so. (E.G. The banner displayed at the top of the ICO site).

I am interested to hear from people who run their own websites, and those who work within company's also, as to what (if anything) you / the business you work for, is going to do in order to comply to this new law?

[+stereopixels]

My company are opting for a bt.com-style opt-in mechanism; last year we started developing a tougher approach which insisted before people browsed our site they make a decision, but in an interview the information commissioner touched on the BT.com website and how their approach looked "perfectly fine"; our approach would have probably meant more people clicking "no" and leaving us completely unable to track them around our site (I should point out that our Google Analytics cookies are the only cookies we set except for logging into certain areas of our site; we try to be as respectful as possible about our visitor's privacy), BT are using implied consent by allowing a timeout of around 15-20 seconds where they specify that the website will set cookies... if the user ignores or cancels the warning they are giving their consent, if they click the "no cookies" option on the warning instead, then they'll opt out. Once they've opted in or out they can easily change their minds later via a cookie preference option on the page.

[+Vice]

I will be ignoring this directive on my sites when it comes in to effect. Business as usual.

[Miuku.]

Vice, on 12 May 2012 - 13:03, said:

I will be ignoring this directive on my sites when it comes in to effect. Business as usual.

*stalks Vice's website and sicks missus the lawyer on Vice*

[Glassed Silver]

Don't host your site in the EU.
Simple lol

I don't host it in Germany, because you are FORCED to write an imprint.
Now generally I'd be fine with writing one, no doubt, but I won't let others tell me what's on my site and what is not.
Suck it, I'll take my business elsewhere haha

Glassed Silver:mac

[jakem1]

I'd like to see sites making it clear what they're storing in cookies and giving me the option to keep configuration settings and block any tracking.

Sites also need to work better without cookies. For instance, block cookies on YouTube and you're always presented with an annoying and totally irrelevant banner related to language settings or some nonsense.

I hope the EU really cracks down on sites that ignore the directive.

[Jimmy0]

stereopixels, on 12 May 2012 - 12:59, said:

My company are opting for a bt.com-style opt-in mechanism; last year we started developing a tougher approach which insisted before people browsed our site they make a decision, but in an interview the information commissioner touched on the BT.com website and how their approach looked "perfectly fine"; our approach would have probably meant more people clicking "no" and leaving us completely unable to track them around our site (I should point out that our Google Analytics cookies are the only cookies we set except for logging into certain areas of our site; we try to be as respectful as possible about our visitor's privacy), BT are using implied consent by allowing a timeout of around 15-20 seconds where they specify that the website will set cookies... if the user ignores or cancels the warning they are giving their consent, if they click the "no cookies" option on the warning instead, then they'll opt out. Once they've opted in or out they can easily change their minds later via a cookie preference option on the page.

Interesting interview... It certainly seems to me that ICO are not overly bothered about explicitly gaining the users consent, but more to trying to educate them about what cookies a site uses and why.

Vice, on 12 May 2012 - 13:03, said:

I will be ignoring this directive on my sites when it comes in to effect. Business as usual.

This doesn't surprise me one bit, and I expect it to be the attitude of most people out there.

jakem1, on 12 May 2012 - 14:50, said:

I'd like to see sites making it clear what they're storing in cookies and giving me the option to keep configuration settings and block any tracking.

Sites also need to work better without cookies. For instance, block cookies on YouTube and you're always presented with an annoying and totally irrelevant banner related to language settings or some nonsense.

I hope the EU really cracks down on sites that ignore the directive.

Well, that in essence is what the new directive is for. However, I cannot personally see it being well enforced.



The company I work for is going for an "all or nothing" solution. This being a modal window that appears asking for the users consent, it has a quick sentence explaining about the new directive, with a link to the privacy policy page (opening in another modal window). It will then have a check box, which when ticked enables a continue button to be pressed, which will then allow them to proceed and use our websites. If you don't click continue, then you will not be able to use our sites.

This is one of the most hideous solutions I have heard of, however none of my protests and different proposed solutions to the problem (e.g. updating the privacy policy page to expand what cookies we use, and why. And perhaps having an information bar along the top of the screen stating about the new directive and linking to this new page, but not stopping the user from using the websites) was listened too, as the higher ups were too scared about being fined due to it not actually gaining the users consent. But hey, what do I know... I am merely a placement student and at the end of the day do what I am told

Be interesting to see if we get any complaints from our customers next week when we put this solution live.

[n_K]

I thought it was already passed last year? Oh well, I stuck a 'proud to ignore the EU cookie directive' on a few of my sites for the hell of it, and ignored it.

[AdamLC]

Well I dont care about my personal sites but at work we have had to implement various things on our client sites. Most of them no longer have Google Analytics which on most of them was the only cookies anyway.

Although saying that some clients have opted to use a php server side google analytics method

[jakem1]

Jimmy0, on 12 May 2012 - 16:59, said:

Well, that in essence is what the new directive is for. However, I cannot personally see it being well enforced.

Yes, I know what the directive is for but, as you pointed out in your post, different companies will come up with different solutions to ensure compliance. I just hope that the majority of websites adopt a sensible approach that distinguishes between cookies that are used for settings and cookies that are used for tracking. I doubt that will happen though as most will want to continue tracking users and will ensure that their websites are difficult to use if users don't agree to be tracked.

Jimmy0, on 12 May 2012 - 16:59, said:

The company I work for is going for an "all or nothing" solution. This being a modal window that appears asking for the users consent, it has a quick sentence explaining about the new directive, with a link to the privacy policy page (opening in another modal window). It will then have a check box, which when ticked enables a continue button to be pressed, which will then allow them to proceed and use our websites. If you don't click continue, then you will not be able to use our sites.

This is one of the most hideous solutions I have heard of, however none of my protests and different proposed solutions to the problem (e.g. updating the privacy policy page to expand what cookies we use, and why. And perhaps having an information bar along the top of the screen stating about the new directive and linking to this new page, but not stopping the user from using the websites) was listened too, as the higher ups were too scared about being fined due to it not actually gaining the users consent. But hey, what do I know... I am merely a placement student and at the end of the day do what I am told

Be interesting to see if we get any complaints from our customers next week when we put this solution live.

I agree. This does sound hideous and it's precisely the sort of thing that I hope websites avoid. However, if companies choose to take an "all-or-nothing" approach to cookies then I hope educated users will choose to avoid them. I should be free to surf the web without having my privacy invaded. The EU directive was designed with that in mind and companies/individuals should abide by the spirit of the directive when redesigning their websites.

[jakem1]

n_K, on 12 May 2012 - 17:18, said:

I thought it was already passed last year?

It was passed last year but it only comes into effect this year to give everyone an opportunity to modify their sites.

[Jimmy0]

n_K, on 12 May 2012 - 17:18, said:

I thought it was already passed last year? Oh well, I stuck a 'proud to ignore the EU cookie directive' on a few of my sites for the hell of it, and ignored it.

It did pass last year, however a 1 year grace period was given in order for websites to develop solutions in order to become compliant.

AdamLC, on 12 May 2012 - 17:22, said:

Well I dont care about my personal sites but at work we have had to implement various things on our client sites. Most of them no longer have Google Analytics which on most of them was the only cookies anyway.

Although saying that some clients have opted to use a php server side google analytics method

Did any of those sites rely heavily on needing the statistics given from tracking users? I assume not if they decided not to use Analytics?

jakem1, on 12 May 2012 - 17:25, said:

I agree. This does sound hideous and it's precisely the sort of thing that I hope websites avoid. However, if companies choose to take an "all-or-nothing" approach to cookies then I hope educated users will choose to avoid them. I should be free to surf the web without having my privacy invaded. The EU directive was designed with that in mind and companies/individuals should abide by the spirit of the directive when redesigning their websites.

Indeed, and I do agree with you. I have protested many times against the design the company has gone for, but to no avail. I am hoping that after a couple of weeks they will see that other sites have not taken to such extreme measures and not getting fined, and they will decide to take a less harsh approach. (This process may even be sped up if we get any customer complaints)

[ZakO]

Most of our clients' websites use Google Analytics, we're contacting them and giving them the choice (it's their legal responsibility);

• Disable Google Analytics (and possibly use different cookieless analytics software/scripts)
  
• Add an Accept / Decline cookies modal window
  
• Ignore the new directive and leave the site as-is.

For my own sites which use Google Analytics I'm going to be (for now at least) ignoring the new directive and seeing how other popular sites approach it. It has already been stated things like Google Analytics are a "grey area" regarding the new directive and it's unlikely anyone will be fined/prosecuted for Google Analytics alone.

[-Alex-]

rallport, on 16 May 2012 - 19:34, said:

I agree. Lots of sites use Google Analytics as it's a very common thing to have running. Also, look at sites like twitter.com - according to firefox it has set 42 cookies on my computer - I don;t see any intrusive popups there. Facebook is the same too - lots of cookies, yet no popup/warning - personally couldn;t care less on both accounts as all the cookies used in both of those sites are just there for auth and remembering the odd setting, that speeds up my browsing experience significantly. Have also just gone the hsbc website and can't see anything at all relating to cookies.

When those big sites start adhering then I'm sure a lot of other sites will too.

As a web developer, this is just an example of something else you need to take note of * big sigh *

Twitter and Facebook are exempt from this, since they are outside the jurisdiction of the EU directive. As for HSBC, I haven't looked at their site personally, but if the cookie is required for the core functionality of the site, that also makes them exempt.

The directive is more for tracking cookies (like GA).

[+DonC]

I've taken this as an opportunity to ditch Google Analytics and a social sharing feature. Glad to see the back of them myself.

From what I've found, all the things that people actually look at can be done with log file processors.