• 0

EU Cookies Directive - 26th May 2012

Asked by Jimmy0,

 Share

Question

Grand Master

Jimmy0

Posted
Posted

http://www.ico.gov.u...de/cookies.aspx

Is anyone actually aware of the new law coming into effect on 26th May 2012? It basically states that if your website uses cookies to store information on a users PC, you must gain their consent to storing the cookies before doing so. (E.G. The banner displayed at the top of the ICO site).

I am interested to hear from people who run their own websites, and those who work within company's also, as to what (if anything) you / the business you work for, is going to do in order to comply to this new law?

Link to comment
https://www.neowin.net/forum/topic/1076831-eu-cookies-directive-26th-may-2012/
Share on other sites

21 answers to this question

Recommended Posts

  • 0
Mentor

stereopixels

Posted
Posted

My company are opting for a bt.com-style opt-in mechanism; last year we started developing a tougher approach which insisted before people browsed our site they make a decision, but in an interview the information commissioner touched on the BT.com website and how their approach looked "perfectly fine"; our approach would have probably meant more people clicking "no" and leaving us completely unable to track them around our site (I should point out that our Google Analytics cookies are the only cookies we set except for logging into certain areas of our site; we try to be as respectful as possible about our visitor's privacy), BT are using implied consent by allowing a timeout of around 15-20 seconds where they specify that the website will set cookies... if the user ignores or cancels the warning they are giving their consent, if they click the "no cookies" option on the warning instead, then they'll opt out. Once they've opted in or out they can easily change their minds later via a cookie preference option on the page.

  • 0
Grand Master

Glassed Silver

Posted
Posted

Don't host your site in the EU.

Simple lol

I don't host it in Germany, because you are FORCED to write an imprint.

Now generally I'd be fine with writing one, no doubt, but I won't let others tell me what's on my site and what is not.

Suck it, I'll take my business elsewhere haha

Glassed Silver:mac

  • 0
Grand Master

jakem1

Posted
Posted

I'd like to see sites making it clear what they're storing in cookies and giving me the option to keep configuration settings and block any tracking.

Sites also need to work better without cookies. For instance, block cookies on YouTube and you're always presented with an annoying and totally irrelevant banner related to language settings or some nonsense.

I hope the EU really cracks down on sites that ignore the directive.

  • 0
Grand Master

Jimmy0

Posted
  • Author
Posted

My company are opting for a bt.com-style opt-in mechanism; last year we started developing a tougher approach which insisted before people browsed our site they make a decision, but in an interview the information commissioner touched on the BT.com website and how their approach looked "perfectly fine"; our approach would have probably meant more people clicking "no" and leaving us completely unable to track them around our site (I should point out that our Google Analytics cookies are the only cookies we set except for logging into certain areas of our site; we try to be as respectful as possible about our visitor's privacy), BT are using implied consent by allowing a timeout of around 15-20 seconds where they specify that the website will set cookies... if the user ignores or cancels the warning they are giving their consent, if they click the "no cookies" option on the warning instead, then they'll opt out. Once they've opted in or out they can easily change their minds later via a cookie preference option on the page.

Interesting interview... It certainly seems to me that ICO are not overly bothered about explicitly gaining the users consent, but more to trying to educate them about what cookies a site uses and why.

I will be ignoring this directive on my sites when it comes in to effect. Business as usual.

This doesn't surprise me one bit, and I expect it to be the attitude of most people out there.

I'd like to see sites making it clear what they're storing in cookies and giving me the option to keep configuration settings and block any tracking.

Sites also need to work better without cookies. For instance, block cookies on YouTube and you're always presented with an annoying and totally irrelevant banner related to language settings or some nonsense.

I hope the EU really cracks down on sites that ignore the directive.

Well, that in essence is what the new directive is for. However, I cannot personally see it being well enforced.

The company I work for is going for an "all or nothing" solution. This being a modal window that appears asking for the users consent, it has a quick sentence explaining about the new directive, with a link to the privacy policy page (opening in another modal window). It will then have a check box, which when ticked enables a continue button to be pressed, which will then allow them to proceed and use our websites. If you don't click continue, then you will not be able to use our sites.

This is one of the most hideous solutions I have heard of, however none of my protests and different proposed solutions to the problem (e.g. updating the privacy policy page to expand what cookies we use, and why. And perhaps having an information bar along the top of the screen stating about the new directive and linking to this new page, but not stopping the user from using the websites) was listened too, as the higher ups were too scared about being fined due to it not actually gaining the users consent. But hey, what do I know... I am merely a placement student and at the end of the day do what I am told :p

Be interesting to see if we get any complaints from our customers next week when we put this solution live.

  • 0
Community Regular

AdamLC

Posted
Posted

Well I dont care about my personal sites but at work we have had to implement various things on our client sites. Most of them no longer have Google Analytics which on most of them was the only cookies anyway.

Although saying that some clients have opted to use a php server side google analytics method :)

  • 0
Grand Master

jakem1

Posted
Posted

Well, that in essence is what the new directive is for. However, I cannot personally see it being well enforced.

Yes, I know what the directive is for but, as you pointed out in your post, different companies will come up with different solutions to ensure compliance. I just hope that the majority of websites adopt a sensible approach that distinguishes between cookies that are used for settings and cookies that are used for tracking. I doubt that will happen though as most will want to continue tracking users and will ensure that their websites are difficult to use if users don't agree to be tracked.

The company I work for is going for an "all or nothing" solution. This being a modal window that appears asking for the users consent, it has a quick sentence explaining about the new directive, with a link to the privacy policy page (opening in another modal window). It will then have a check box, which when ticked enables a continue button to be pressed, which will then allow them to proceed and use our websites. If you don't click continue, then you will not be able to use our sites.

This is one of the most hideous solutions I have heard of, however none of my protests and different proposed solutions to the problem (e.g. updating the privacy policy page to expand what cookies we use, and why. And perhaps having an information bar along the top of the screen stating about the new directive and linking to this new page, but not stopping the user from using the websites) was listened too, as the higher ups were too scared about being fined due to it not actually gaining the users consent. But hey, what do I know... I am merely a placement student and at the end of the day do what I am told :p

Be interesting to see if we get any complaints from our customers next week when we put this solution live.

I agree. This does sound hideous and it's precisely the sort of thing that I hope websites avoid. However, if companies choose to take an "all-or-nothing" approach to cookies then I hope educated users will choose to avoid them. I should be free to surf the web without having my privacy invaded. The EU directive was designed with that in mind and companies/individuals should abide by the spirit of the directive when redesigning their websites.

  • 0
Grand Master

Jimmy0

Posted
  • Author
Posted

I thought it was already passed last year? Oh well, I stuck a 'proud to ignore the EU cookie directive' on a few of my sites for the hell of it, and ignored it.

It did pass last year, however a 1 year grace period was given in order for websites to develop solutions in order to become compliant.

Well I dont care about my personal sites but at work we have had to implement various things on our client sites. Most of them no longer have Google Analytics which on most of them was the only cookies anyway.

Although saying that some clients have opted to use a php server side google analytics method :)

Did any of those sites rely heavily on needing the statistics given from tracking users? I assume not if they decided not to use Analytics?

I agree. This does sound hideous and it's precisely the sort of thing that I hope websites avoid. However, if companies choose to take an "all-or-nothing" approach to cookies then I hope educated users will choose to avoid them. I should be free to surf the web without having my privacy invaded. The EU directive was designed with that in mind and companies/individuals should abide by the spirit of the directive when redesigning their websites.

Indeed, and I do agree with you. I have protested many times against the design the company has gone for, but to no avail. I am hoping that after a couple of weeks they will see that other sites have not taken to such extreme measures and not getting fined, and they will decide to take a less harsh approach. (This process may even be sped up if we get any customer complaints)

  • 0
Veteran

ZakO

Posted
Posted

Most of our clients' websites use Google Analytics, we're contacting them and giving them the choice (it's their legal responsibility);

  1. Disable Google Analytics (and possibly use different cookieless analytics software/scripts)
  2. Add an Accept / Decline cookies modal window
  3. Ignore the new directive and leave the site as-is.

For my own sites which use Google Analytics I'm going to be (for now at least) ignoring the new directive and seeing how other popular sites approach it. It has already been stated things like Google Analytics are a "grey area" regarding the new directive and it's unlikely anyone will be fined/prosecuted for Google Analytics alone.

  • 0
Grand Master

-Alex-

Posted
Posted

I agree. Lots of sites use Google Analytics as it's a very common thing to have running. Also, look at sites like twitter.com - according to firefox it has set 42 cookies on my computer - I don;t see any intrusive popups there. Facebook is the same too - lots of cookies, yet no popup/warning - personally couldn;t care less on both accounts as all the cookies used in both of those sites are just there for auth and remembering the odd setting, that speeds up my browsing experience significantly. Have also just gone the hsbc website and can't see anything at all relating to cookies.

When those big sites start adhering then I'm sure a lot of other sites will too.

As a web developer, this is just an example of something else you need to take note of * big sigh *

Twitter and Facebook are exempt from this, since they are outside the jurisdiction of the EU directive. As for HSBC, I haven't looked at their site personally, but if the cookie is required for the core functionality of the site, that also makes them exempt.

The directive is more for tracking cookies (like GA).

  • 0
Veteran

+DonC Subscriber²

Posted
  • Subscriber²
Posted

I've taken this as an opportunity to ditch Google Analytics and a social sharing feature. Glad to see the back of them myself.

From what I've found, all the things that people actually look at can be done with log file processors.

  • 0
Enthusiast

Salem874

Posted
Posted

http://www.ico.gov.u...de/cookies.aspx

Is anyone actually aware of the new law coming into effect on 26th May 2012? It basically states that if your website uses cookies to store information on a users PC, you must gain their consent to storing the cookies before doing so. (E.G. The banner displayed at the top of the ICO site).

I am interested to hear from people who run their own websites, and those who work within company's also, as to what (if anything) you / the business you work for, is going to do in order to comply to this new law?

YEah

i heard about it, but didnt hear much detail on what we're required to do and by when until last week when i visited a site (work related) using Cookie Control (i think thats what its called).I'd better start working on getting my sites compliant, not much time left though.

Is this applicable to all sites or only EU hosted ones?

  • 0
Grand Master

-Alex-

Posted
Posted

YEah

i heard about it, but didnt hear much detail on what we're required to do and by when until last week when i visited a site (work related) using Cookie Control (i think thats what its called).I'd better start working on getting my sites compliant, not much time left though.

Is this applicable to all sites or only EU hosted ones?

Not even EU hosted... just EU registered companies. Doesn't matter if it's hosted in the US, the Middle East, or EU... it's only applicable to EU businesses. Hosting location plays no role in it.

To quote a post of mine in another thread:

2 points on cookies, potentially of relevance to the OP:

http://silktide.com/cookielaw

I.e. if the OP is outside the EU, or if the cookie is necessary, it's fine to use a cookie.

  • 0
Grand Master

Glassed Silver

Posted
Posted

[...] Facebook are exempt from this, since they are outside the jurisdiction of the EU directive. [...]

True until you have a logged in session with Facebook, then it gets to Facebook Ireland and hence, has to comply with EU regulations.

So browsing the web, being logged into Facebook (either closed tab + active session with them OR open tab and active session with them) will put them under EU laws.

EU users sign up and agree to TOS with Facebook IRELAND.

Glassed Silver:mac

  • 0
Grand Master

-Alex-

Posted
Posted

True until you have a logged in session with Facebook, then it gets to Facebook Ireland and hence, has to comply with EU regulations.

So browsing the web, being logged into Facebook (either closed tab + active session with them OR open tab and active session with them) will put them under EU laws.

Glassed Silver:mac

Ah, didn't know FB had a company registered outside the US. Just done a credit search on them, and it seems they have more than just the Irish one actually:

post-176093-0-85026600-1337212749_thumb.

Good to know!

  • 0
Grand Master

Glassed Silver

Posted
Posted

Ah, didn't know FB had a company registered outside the US. Just done a credit search on them, and it seems they have more than just the Irish one actually:

post-176093-0-85026600-1337212749_thumb.

Good to know!

Yeah, there are others, but their importance doesn't seem to be of much magnitude, as you always sign up with Facebook Ireland in the EU. (at least here in Germany, and I think that's the case for all EU countries)

That's because the FB Europe HQ is in Ireland, the subsidiaries are of no function to the actual TOS relations to their users afaik.

I guess those are merely for marketing, spokespersons, support, localizations, etc...

Rather the background kind of work - nothing too much TOS-ish. (I guess)

Probably I can buy marketing deals with those, too.

Other way round. Hosting location is irrelevant. The directive covers all EU companies.

Exactly.

I guess the only exception are private persons... Could be totally wrong though...

Glassed Silver:mac

This topic is now closed to further replies.
 Share
Go to question listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Researchers claim Microsoft's quantum breakthrough is flawed by basic Python errors

      By Fleet Command · Posted

      🙄
    • Limited time Prime Day deal cuts price of this Hisense 65" 4K smart TV in half

      By Ivan Jenic · Posted

      Limited time Prime Day deal cuts price of this Hisense 65" 4K smart TV in half by Ivan Jenic It’s Amazon Prime Day, and brands are offering great deals to consumers. One of the best deals of the day is definitely this Hisense 65" U7, which is currently $799.99 on Amazon, down from $1,499.99. That's nearly 50% off and $700 saved on this feature-packed 4K TV (purchase link down below). The U7 uses Mini-LED backlighting with up to 3,000 local dimming zones and up to 3,000 nits of peak brightness. That means blacks are truly deep and highlights are punchy enough to hold up even in bright rooms. The screen is covered with a dual-layer anti-reflection coating, which prevents the afternoon overhead lights from washing the picture. For gaming, the native 165Hz refresh rate and VRR 330 support make this one a great TV option for PS5 and Xbox Series X. The TV even features a native game mode, which should help minimize the input lag for a better gaming experience. Audio is handled by a 2.1.2 channel system tuned by Devialet, which is a notable partnership for a TV at this price. Additionally, Dolby Vision IQ, Dolby Atmos, and IMAX Enhanced are all supported. It runs Fire TV with Alexa+ built in. So, if you’re looking for a sharp, large screen to watch the World Cup on, the U7 at this price is definitely an attractive option. Speaking of which, Hisense is the official sponsor of the World Cup, which should mean absolutely nothing to you, and isn’t the reason why you should by this TV. The reason why you should buy it is that it’s “la bella televisione, HDTV-compatible, beautiful,” and available at half the price. Hisense 65" U7 Mini-LED 4K Smart Fire TV - $799.99 | 47% off on Amazon Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.
    • eM Client 10.4.5600.0

      By Copernic · Posted

      eM Client 10.4.5600.0 by Razvan Serea eM Client is a full featured e-mail client with a modern and easy to use interface. eM Client also offers calendar, tasks, contacts and chat. eM Client supports all major services including Gmail, Exchange, iCloud, and Outlook.com. You can easily import your data from most of the other e-mail clients. This includes Microsoft Outlook, Outlook Express, Windows Mail, Windows Live Mail, Thunderbird, The Bat and more. eM Client fully supports touch devices like touch-enabled laptops, tablets and hybrid devices. Use your email client easily in a modern way. eM Client PRO vs. Free version While the Free license allows you to set up the maximum of two accounts in the application, it is possible to add an unlimited number of accounts with the PRO license. The PRO license also enables you to use eM Client for commercial purposes. Commercial use is any activity that helps you make profit, the Free license therefore cannot be used in company settings or on personal computers for business correspondence. PRO users also gain access to the dedicated support system and to the licensing manager. eM Client has been fully optimized to run smoothly on Windows Vista, 7, 8, 10 and 11. eM Client 10.4.5600.0 changelog: Improved memory management Improved MS Teams support A lot of other fixes Download: eM Client 10.4.5600 | 128.0 MB (Free, paid upgrade available) View: eM Client Website | eM Client Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • EU says AWS and Microsoft Azure should be treated as DMA gatekeepers

      By Nas · Posted

      Re: Capitalism. It's just 1 of dozens of economic models currently-adopted worldwide; most national models separate money from politics thereby limiting the influence wealth carries over the economy (due to limited tentacles wealth politics has over the broader economy). The "American model" of unfettered financial influence should NOT be the variant of pure capitalism adopted worldwide. More regulations formulated within this variant is effectively useless due to the misalignment between regulatory objectives and fundamental influence wealth politics carry over the market. Re: enough money. Without constraining the breadth/depth/scope/scale that any measure of money/wealth can have within a market, there will always inherently be those who have "enough money" and those who do not. Those without "enough money" will always lose -- regardless if a bedroom DJ, indie developer, or million-dollar corporation going against a billion-dollar mega-corporation. The evil is the absence of guardrails against the influence of wealth; not the mere existence of wealth. Re: dragged through the courts. The liberalist nature of litigation does not exclude anyone, anywhere, for any reason for getting dragged through the courts. Rather than formalize remediation pathways for various perceived ills, everything is left up to flawed interpretations... and this is where a litigation-averse community fails to thrive (thus a losing proposition when dragged to courts). Everyone should have more protections and clear remediation strategies! Going to an alternate remediation arbitration is OK so long as the case review and remediation processes are clear and transparent. For corporations, hit them where it hurts: automatic financial penalties. (PS: This is where corporate risk management strategies would do well to behave more ethically.) Overall, failure to truly shake-up the incentive core and regulatory extremities of the economic market will necessarily mean that all other actions are simply applying lipstick on a pig. Change begins from the inside. Is the root cause of the problem that a majority of consumers within a market goes for Option Brand-name versus Option Indie? Or that brand-name is spending foreign money to control domestic markets? Or that money is the objective measure for success across all walks of life? Or that deep pockets dictate the moral and ethical rights/wrongs of entire societies? Regardless of the answer (and there's nothing inherently wrong with being a socialist or communist or whatever label your surroundings deem 'cool' or 'uncool') there's a common thread: If a market truly wants to nurture domestic innovation, then performative finger-wagging will do nothing to that end.
    • Researchers claim Microsoft's quantum breakthrough is flawed by basic Python errors

      By +pmrd · Posted

      Lol, I won't even bother explaining the joke to you.

  • Recent Achievements

    • Conversation Starter
      Admir earned a badge
      Conversation Starter
    • First Post
      The_Focal_Point earned a badge
      First Post
    • Apprentice
      daryld went up a rank
      Apprentice
    • Contributor
      Carltonbar went up a rank
      Contributor
    • One Month Later
      The_Focal_Point earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      407
    2. 2
      +Edouard
      167
    3. 3
      PsYcHoKiLLa
      130
    4. 4
      Xenon
      71
    5. 5
      neufuse
      69
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!