• 0

EU Cookies Directive - 26th May 2012

Asked by Jimmy0,

 Share

Question

Grand Master

Jimmy0

Posted
Posted

http://www.ico.gov.u...de/cookies.aspx

Is anyone actually aware of the new law coming into effect on 26th May 2012? It basically states that if your website uses cookies to store information on a users PC, you must gain their consent to storing the cookies before doing so. (E.G. The banner displayed at the top of the ICO site).

I am interested to hear from people who run their own websites, and those who work within company's also, as to what (if anything) you / the business you work for, is going to do in order to comply to this new law?

Link to comment
https://www.neowin.net/forum/topic/1076831-eu-cookies-directive-26th-may-2012/
Share on other sites

21 answers to this question

Recommended Posts

  • 0
Mentor

stereopixels

Posted
Posted

My company are opting for a bt.com-style opt-in mechanism; last year we started developing a tougher approach which insisted before people browsed our site they make a decision, but in an interview the information commissioner touched on the BT.com website and how their approach looked "perfectly fine"; our approach would have probably meant more people clicking "no" and leaving us completely unable to track them around our site (I should point out that our Google Analytics cookies are the only cookies we set except for logging into certain areas of our site; we try to be as respectful as possible about our visitor's privacy), BT are using implied consent by allowing a timeout of around 15-20 seconds where they specify that the website will set cookies... if the user ignores or cancels the warning they are giving their consent, if they click the "no cookies" option on the warning instead, then they'll opt out. Once they've opted in or out they can easily change their minds later via a cookie preference option on the page.

  • 0
Grand Master

Glassed Silver

Posted
Posted

Don't host your site in the EU.

Simple lol

I don't host it in Germany, because you are FORCED to write an imprint.

Now generally I'd be fine with writing one, no doubt, but I won't let others tell me what's on my site and what is not.

Suck it, I'll take my business elsewhere haha

Glassed Silver:mac

  • 0
Grand Master

jakem1

Posted
Posted

I'd like to see sites making it clear what they're storing in cookies and giving me the option to keep configuration settings and block any tracking.

Sites also need to work better without cookies. For instance, block cookies on YouTube and you're always presented with an annoying and totally irrelevant banner related to language settings or some nonsense.

I hope the EU really cracks down on sites that ignore the directive.

  • 0
Grand Master

Jimmy0

Posted
  • Author
Posted

My company are opting for a bt.com-style opt-in mechanism; last year we started developing a tougher approach which insisted before people browsed our site they make a decision, but in an interview the information commissioner touched on the BT.com website and how their approach looked "perfectly fine"; our approach would have probably meant more people clicking "no" and leaving us completely unable to track them around our site (I should point out that our Google Analytics cookies are the only cookies we set except for logging into certain areas of our site; we try to be as respectful as possible about our visitor's privacy), BT are using implied consent by allowing a timeout of around 15-20 seconds where they specify that the website will set cookies... if the user ignores or cancels the warning they are giving their consent, if they click the "no cookies" option on the warning instead, then they'll opt out. Once they've opted in or out they can easily change their minds later via a cookie preference option on the page.

Interesting interview... It certainly seems to me that ICO are not overly bothered about explicitly gaining the users consent, but more to trying to educate them about what cookies a site uses and why.

I will be ignoring this directive on my sites when it comes in to effect. Business as usual.

This doesn't surprise me one bit, and I expect it to be the attitude of most people out there.

I'd like to see sites making it clear what they're storing in cookies and giving me the option to keep configuration settings and block any tracking.

Sites also need to work better without cookies. For instance, block cookies on YouTube and you're always presented with an annoying and totally irrelevant banner related to language settings or some nonsense.

I hope the EU really cracks down on sites that ignore the directive.

Well, that in essence is what the new directive is for. However, I cannot personally see it being well enforced.

The company I work for is going for an "all or nothing" solution. This being a modal window that appears asking for the users consent, it has a quick sentence explaining about the new directive, with a link to the privacy policy page (opening in another modal window). It will then have a check box, which when ticked enables a continue button to be pressed, which will then allow them to proceed and use our websites. If you don't click continue, then you will not be able to use our sites.

This is one of the most hideous solutions I have heard of, however none of my protests and different proposed solutions to the problem (e.g. updating the privacy policy page to expand what cookies we use, and why. And perhaps having an information bar along the top of the screen stating about the new directive and linking to this new page, but not stopping the user from using the websites) was listened too, as the higher ups were too scared about being fined due to it not actually gaining the users consent. But hey, what do I know... I am merely a placement student and at the end of the day do what I am told :p

Be interesting to see if we get any complaints from our customers next week when we put this solution live.

  • 0
Community Regular

AdamLC

Posted
Posted

Well I dont care about my personal sites but at work we have had to implement various things on our client sites. Most of them no longer have Google Analytics which on most of them was the only cookies anyway.

Although saying that some clients have opted to use a php server side google analytics method :)

  • 0
Grand Master

jakem1

Posted
Posted

Well, that in essence is what the new directive is for. However, I cannot personally see it being well enforced.

Yes, I know what the directive is for but, as you pointed out in your post, different companies will come up with different solutions to ensure compliance. I just hope that the majority of websites adopt a sensible approach that distinguishes between cookies that are used for settings and cookies that are used for tracking. I doubt that will happen though as most will want to continue tracking users and will ensure that their websites are difficult to use if users don't agree to be tracked.

The company I work for is going for an "all or nothing" solution. This being a modal window that appears asking for the users consent, it has a quick sentence explaining about the new directive, with a link to the privacy policy page (opening in another modal window). It will then have a check box, which when ticked enables a continue button to be pressed, which will then allow them to proceed and use our websites. If you don't click continue, then you will not be able to use our sites.

This is one of the most hideous solutions I have heard of, however none of my protests and different proposed solutions to the problem (e.g. updating the privacy policy page to expand what cookies we use, and why. And perhaps having an information bar along the top of the screen stating about the new directive and linking to this new page, but not stopping the user from using the websites) was listened too, as the higher ups were too scared about being fined due to it not actually gaining the users consent. But hey, what do I know... I am merely a placement student and at the end of the day do what I am told :p

Be interesting to see if we get any complaints from our customers next week when we put this solution live.

I agree. This does sound hideous and it's precisely the sort of thing that I hope websites avoid. However, if companies choose to take an "all-or-nothing" approach to cookies then I hope educated users will choose to avoid them. I should be free to surf the web without having my privacy invaded. The EU directive was designed with that in mind and companies/individuals should abide by the spirit of the directive when redesigning their websites.

  • 0
Grand Master

Jimmy0

Posted
  • Author
Posted

I thought it was already passed last year? Oh well, I stuck a 'proud to ignore the EU cookie directive' on a few of my sites for the hell of it, and ignored it.

It did pass last year, however a 1 year grace period was given in order for websites to develop solutions in order to become compliant.

Well I dont care about my personal sites but at work we have had to implement various things on our client sites. Most of them no longer have Google Analytics which on most of them was the only cookies anyway.

Although saying that some clients have opted to use a php server side google analytics method :)

Did any of those sites rely heavily on needing the statistics given from tracking users? I assume not if they decided not to use Analytics?

I agree. This does sound hideous and it's precisely the sort of thing that I hope websites avoid. However, if companies choose to take an "all-or-nothing" approach to cookies then I hope educated users will choose to avoid them. I should be free to surf the web without having my privacy invaded. The EU directive was designed with that in mind and companies/individuals should abide by the spirit of the directive when redesigning their websites.

Indeed, and I do agree with you. I have protested many times against the design the company has gone for, but to no avail. I am hoping that after a couple of weeks they will see that other sites have not taken to such extreme measures and not getting fined, and they will decide to take a less harsh approach. (This process may even be sped up if we get any customer complaints)

  • 0
Veteran

ZakO

Posted
Posted

Most of our clients' websites use Google Analytics, we're contacting them and giving them the choice (it's their legal responsibility);

  1. Disable Google Analytics (and possibly use different cookieless analytics software/scripts)
  2. Add an Accept / Decline cookies modal window
  3. Ignore the new directive and leave the site as-is.

For my own sites which use Google Analytics I'm going to be (for now at least) ignoring the new directive and seeing how other popular sites approach it. It has already been stated things like Google Analytics are a "grey area" regarding the new directive and it's unlikely anyone will be fined/prosecuted for Google Analytics alone.

  • 0
Grand Master

-Alex-

Posted
Posted

I agree. Lots of sites use Google Analytics as it's a very common thing to have running. Also, look at sites like twitter.com - according to firefox it has set 42 cookies on my computer - I don;t see any intrusive popups there. Facebook is the same too - lots of cookies, yet no popup/warning - personally couldn;t care less on both accounts as all the cookies used in both of those sites are just there for auth and remembering the odd setting, that speeds up my browsing experience significantly. Have also just gone the hsbc website and can't see anything at all relating to cookies.

When those big sites start adhering then I'm sure a lot of other sites will too.

As a web developer, this is just an example of something else you need to take note of * big sigh *

Twitter and Facebook are exempt from this, since they are outside the jurisdiction of the EU directive. As for HSBC, I haven't looked at their site personally, but if the cookie is required for the core functionality of the site, that also makes them exempt.

The directive is more for tracking cookies (like GA).

  • 0
Veteran

+DonC Subscriber²

Posted
  • Subscriber²
Posted

I've taken this as an opportunity to ditch Google Analytics and a social sharing feature. Glad to see the back of them myself.

From what I've found, all the things that people actually look at can be done with log file processors.

  • 0
Enthusiast

Salem874

Posted
Posted

http://www.ico.gov.u...de/cookies.aspx

Is anyone actually aware of the new law coming into effect on 26th May 2012? It basically states that if your website uses cookies to store information on a users PC, you must gain their consent to storing the cookies before doing so. (E.G. The banner displayed at the top of the ICO site).

I am interested to hear from people who run their own websites, and those who work within company's also, as to what (if anything) you / the business you work for, is going to do in order to comply to this new law?

YEah

i heard about it, but didnt hear much detail on what we're required to do and by when until last week when i visited a site (work related) using Cookie Control (i think thats what its called).I'd better start working on getting my sites compliant, not much time left though.

Is this applicable to all sites or only EU hosted ones?

  • 0
Grand Master

-Alex-

Posted
Posted

YEah

i heard about it, but didnt hear much detail on what we're required to do and by when until last week when i visited a site (work related) using Cookie Control (i think thats what its called).I'd better start working on getting my sites compliant, not much time left though.

Is this applicable to all sites or only EU hosted ones?

Not even EU hosted... just EU registered companies. Doesn't matter if it's hosted in the US, the Middle East, or EU... it's only applicable to EU businesses. Hosting location plays no role in it.

To quote a post of mine in another thread:

2 points on cookies, potentially of relevance to the OP:

http://silktide.com/cookielaw

I.e. if the OP is outside the EU, or if the cookie is necessary, it's fine to use a cookie.

  • 0
Grand Master

Glassed Silver

Posted
Posted

[...] Facebook are exempt from this, since they are outside the jurisdiction of the EU directive. [...]

True until you have a logged in session with Facebook, then it gets to Facebook Ireland and hence, has to comply with EU regulations.

So browsing the web, being logged into Facebook (either closed tab + active session with them OR open tab and active session with them) will put them under EU laws.

EU users sign up and agree to TOS with Facebook IRELAND.

Glassed Silver:mac

  • 0
Grand Master

-Alex-

Posted
Posted

True until you have a logged in session with Facebook, then it gets to Facebook Ireland and hence, has to comply with EU regulations.

So browsing the web, being logged into Facebook (either closed tab + active session with them OR open tab and active session with them) will put them under EU laws.

Glassed Silver:mac

Ah, didn't know FB had a company registered outside the US. Just done a credit search on them, and it seems they have more than just the Irish one actually:

post-176093-0-85026600-1337212749_thumb.

Good to know!

  • 0
Grand Master

Glassed Silver

Posted
Posted

Ah, didn't know FB had a company registered outside the US. Just done a credit search on them, and it seems they have more than just the Irish one actually:

post-176093-0-85026600-1337212749_thumb.

Good to know!

Yeah, there are others, but their importance doesn't seem to be of much magnitude, as you always sign up with Facebook Ireland in the EU. (at least here in Germany, and I think that's the case for all EU countries)

That's because the FB Europe HQ is in Ireland, the subsidiaries are of no function to the actual TOS relations to their users afaik.

I guess those are merely for marketing, spokespersons, support, localizations, etc...

Rather the background kind of work - nothing too much TOS-ish. (I guess)

Probably I can buy marketing deals with those, too.

Other way round. Hosting location is irrelevant. The directive covers all EU companies.

Exactly.

I guess the only exception are private persons... Could be totally wrong though...

Glassed Silver:mac

This topic is now closed to further replies.
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft Edge gets tons of security features, including AI model that can see your screen

      By tsupersonic · Posted

      did they not learn anything from the Recall fiasco?
    • Internet Download Manager (IDM) 6.43 Build 2

      By Copernic · Posted

      Internet Download Manager (IDM) 6.43 Build 2 by Razvan Serea Internet Download Manager (IDM) is a tool to increase download speeds by up to 8 times due to its smart dynamic file segmentation technology. Unlike other download managers and accelerators, Internet Download Manager segments downloaded files dynamically during download process, and it reuses available connections without additional connect and login stages to achieve the best possible acceleration performance. Comprehensive error recovery and resume capability will restart broken or interrupted downloads due to lost connections, network problems, computer shutdowns, or unexpected power outages. All popular browsers are supported IDM integrates seamlessly into Google Chrome, FireFox, Microsoft Edge, Opera, Safari, Internet Explorer, Maxthon and all other popular browsers to automatically handle your downloads. You can also drag and drop files, or use Internet Download Manager from command line. The program supports proxy servers, ftp and http protocols, firewalls, redirects, cookies, authorization, MP3 audio and video content processing. IDM includes web site spider and grabber IDM downloads all required files that are specified with filters from web sites, for example all pictures from a web site, or subsets of web sites, or complete web sites for offline browsing. It's possible to schedule multiple grabber projects to run them once at a specified time, stop them at a specified time, or run periodically to synchronize changes. Easy downloading with one click When you click on a download link in a browser, IDM will take over the download and accelerate it. You don't need to do anything special, just browse the Internet as you usually do. IDM will catch your downloads and accelerate them. IDM supports HTTP, FTP, HTTPS and MMS protocols. Changes in Internet Download Manager 6.43 Build 2: Resolved the problem that caused a "403 Forbidden" error when downloading some files Fixed a problem causing IDM download panel not to appear on some websites Fixed a bug that caused a crash when converting some TS files to MP4 Download: Internet Download Manager 6.43 Build 2 | 11.9 MB (Shareware) Links: Internet Download Manager Website | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Windows 11 is getting redesigned taskbar settings in new build

      By Captain_Eric · Posted

      It's in Experimental (26H2). Settings->Windows Update->Windows Insider Program. Then a) select Experimental, b) below that, select "Advanced Options" (where you will see the three options for "Experimental" builds -> select 26H2 (name change from 25H2 is rolling; so might be 25H2)
    • Why it's almost impossible to produce a smartphone in the United States

      By Shadow8 · Posted

      I am not a US citizen nor a Trump fan. Respect to both left and right. But I will, for the sake of fun, predict something for my own. There will come a day when the US and China will collide like titans ( over Taiwan or anything else ). Then, on that day, some people in this comment section will realize how good an idea it was to become independent in areas like that. ( Or atleast try )
    • Microsoft Edge gets tons of security features, including AI model that can see your screen

      By Usama Jawad96 · Posted

      Microsoft Edge gets tons of security features, including AI model that can see your screen by Usama Jawad Microsoft Edge may not be the most popular browser out there, but it does receive quite frequent updates that sometimes bring surprising new features and axe others that are not as popular. Now, Microsoft has detailed some of the new security enhancements that it has introduced in Edge for Business, typically used by commercial customers. Microsoft has emphasized that security features are baked into Edge for Business and offer native integration with security and governance tools like Defender and Purview. Browser sessions are governed by default on managed devices but can also be governed through dedicated work profiles on unmanaged devices. An important aspect in this area is controlling the use of shadow AI. We have talked about this before, but it essentially restricts employees from using unsanctioned AI apps through data loss prevention (DLP) policies, with Edge redirecting them to trusted AI services like Microsoft 365 Copilot. This feature, available as a pay-as-you-go (PAYG) license, ensures that confidential data never exits AI boundaries set by your organization in Purview. Additionally, Microsoft also has strong DLP policies for contractors. Contractors leveraging a Entra ID-joined work profile provisioned by their contracting company on a device managed by their actual employer can be restricted from downloading files locally. In such scenarios, the file is saved on the contracting firm's OneDrive rather than being downloaded locally. Another useful Edge security feature disallows copying and pasting from unmanaged locations and apps. Similarly, DLP policies can be configured at a granular level to restrict screenshots or downloading of files from certain locations. In the same vein, IT admins can block the installation of extensions, hosted apps, themes and scripts, and control if users can install extensions from external locations. They can also enable the installation of specific extensions and allow users to request access to certain extensions, so that they can be managed on a case-by-case basis. Finally, Edge for Business now has an on-device AI model that uses computer vision to see what's on your screen and block potentially malicious content immediately. This does not rely on site reputation, as it simply monitors what is being displayed on your screen, which means that it is effective against malicious content that takes over your screen and employs scareware tactics. Since this is an on-device AI model, it does use your system's resources, so it's enabled by default only on devices with at least 2GB of RAM and four CPU cores. You can find more details in the Microsoft Mechanics video here.

  • Recent Achievements

    • Dedicated
      Zeynel earned a badge
      Dedicated
    • One Month Later
      JKR earned a badge
      One Month Later
    • Dedicated
      Asgardi earned a badge
      Dedicated
    • Conversation Starter
      jessse3334 earned a badge
      Conversation Starter
    • Reacting Well
      JuvenileDelinquent earned a badge
      Reacting Well

  • Popular Contributors

    1. 1
      +primortal
      495
    2. 2
      +Edouard
      247
    3. 3
      PsYcHoKiLLa
      154
    4. 4
      Steven P.
      86
    5. 5
      macoman
      65
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!