bit-tech.net

Confusion over EU cookie legislation

Confusion over EU cookie legislation

Confusion over cookies reigns.

The UK's implementation of new EU e-privacy regulations has been thrown into confusion, after Culture Secretary Ed Vaizey signed an open letter saying that websites may not, after all, need to gain user consent to deploy cookies.

New laws stipulate that unless a cookie is required for a service, such as online checkouts, websites must gain consent from users before dropping them onto systems.

However, Vaizey's letter says the new rules do not necessarily require 'prior consent,' and that there is 'no indication in the definition as to when that consent may be given, and so it is possible that consent may be given after or during processing.'

This could effectively mean that websites can be let off the hook from deploying cookies, with the emphasis instead placed on browser settings offering the option to approve or decline consent.

Regardless, fines for breaching the new regulations will not come into effect until next year.

What's your take on the EU's e-privacy legislation? Is it really possible to police the Internet effectively, or will most sites simply ignore the rules? Let us know in the forums.

16 Comments

Discuss in the forums Reply
Greenie 25th May 2011, 13:00 Quote
Nice image! That really improved my day.
Jamie 25th May 2011, 13:16 Quote
I think it's funny that if you want to remember that a user has asked not to store cookies you must set a cookie.
ev1lm1nd666 25th May 2011, 13:34 Quote
So the EU brings out a law which controls the use of cookies by websites, then our government turns around and effectively tells the websites "don't worry about it, we can't be bothered"?

When will the government learn to keep it's nose out of things it doesn't understand?
Spuzzell 25th May 2011, 13:55 Quote
So, the EU law says cookies are illegal and VERBOTEN without user consent.

Unless "required for a service." Awesome, no loopholes or confusions there at all.
specofdust 25th May 2011, 14:15 Quote
There may be grey areas, but at least this prevents things like tracking cookies. If I visit some news site once to read an article on their site, they are not providing me a service by attempting to track all the future sites I visit.

It may not be as clear cut as one would want, but for the worst offenders on this type of things, it definitely makes what they're doing illegal.
Ayrto 25th May 2011, 14:24 Quote
As always the EU tries to do the right thing by the consumer(people) ... the Tories the right thing by big business.

Britain is currently in the process of being taken to court over its casual attitude to the UK publics net privacy.http://www.bbc.co.uk/news/world-europe-11443734

You've also got the very same Vaizey trying to further erode net neutrality(sop to ISPs), to sweeten the pill that is his attempt to introduce compulsory ISP level, content blocking (obviously deeply unpopular with ISPs). Can't imagine the average net user being thrilled about the prospect of having to ring an ISP when Vaizey's 'opt out' system is in place, in order to have adult themed content 'unlocked' on their account at ISP level. Many have long argued such systems should be 'opt in ' not 'opt out' like the system Vaizey has planned.

If Vaizey and the Tories get their way, they will mess up the net in the UK.
pimlicosound 25th May 2011, 16:31 Quote
Quote:
Originally Posted by Ayrto
As always the EU tries to do the right thing by the consumer(people)

I find it hard to believe that an organisation that has not had its accounts signed off in the last 15 years, re-runs elections until it gets the results it wants, and fires any whistleblowers for their betrayal, has any interest in doing what's right for the people.

So I'm wary of any regulations emanating from Brussels. However, I'm also wary of regulations coming from Westminster, so I guess I'm all in a bind. [Gets all shifty-eyed because a regulation might be creeping up behind him as he types]
Farfalho 25th May 2011, 16:31 Quote
I wanna join the blue side, they have cookies!!

Unfortunately, only educated people on this subject should be deliberating laws. Laymen should step aside when it comes to this situations and for not doing that outrageous things happens and the world goes bursting in trolling
SexyHyde 25th May 2011, 16:57 Quote
Personally I prefer biscuits.

Of all the evils on the internet, they've gone after cookies.
Ayrto 25th May 2011, 17:06 Quote
Quote:
Originally Posted by pimlicosound
I find it hard to believe that an organisation that has not had its accounts signed off in the last 15 years, re-runs elections until it gets the results it wants, and fires any whistleblowers for their betrayal, has any interest in doing what's right for the people.

So I'm wary of any regulations emanating from Brussels. However, I'm also wary of regulations coming from Westminster, so I guess I'm all in a bind. [Gets all shifty-eyed because a regulation might be creeping up behind him as he types]

If you haven't already ,it may be worth reading some of the speeches by the EU's Dutch, Digital Agenda Commissioner Neelie Kroes, on these subjects. I think you'll find her proposals are eminently sensible, and very net user/ consumer friendly. There is obviously a broader debate to be had here , in which privacy is just a small part , net neutrality is another and ISP speed responsibilities, specifically the ability to quickly break out of contracts where claimed speeds aren't being met is another. Not all EU rules are bad rules if they're genuinely consumer friendly.


Of course the Sun/Mail would misrepresent any and all of these new proposals as somehow bad.
AstralWanderer 25th May 2011, 17:37 Quote
The wording of EU Directive 2002/58/EC seems quite clear (section 25). Cookies and any other data stored on "terminal equipment" must have a "legitimate purpose" and even then consumers must be informed and given the choice of an opt-out (though as Jamie notes, this then needs an opt-out cookie).

On the plus side, this should cover Flash local storage, HTML 5 persistent storage, Javascript cookies and similar tracking tools. On the minus side, the biggest offenders (Google, Omniture, Paypal, Facebook) are US-based (making enforcement difficult) and this doesn't address browser fingerprinting (which can be just as effective as cookies in tracking users with a static IP address) since it requires no data stored on the "terminal equipment" at all.

Also when even the European Data Protection Supervisor website fails to comply, it doesn't give much confidence in the EU's ability (or willingness) to enforce this directive. So it will still be technical countermeasures (web filtering, hosts files, browser privacy settings) that provide the greatest safeguards.
tad2008 25th May 2011, 20:55 Quote
Everyone knows that cookies in themselves are harmless, its how they are used that across websites that is the real issue.

What about data stored relating to Flash or Java / Javascript based apps, surely that is at least as intrusive if not more so?
AstralWanderer 26th May 2011, 13:33 Quote
Quote:
Originally Posted by tad2008
What about data stored relating to Flash or Java / Javascript based apps, surely that is at least as intrusive if not more so?
That's included in the wording of the directive (see link above) - cookies are quoted as an example.
Nedsbeds 27th May 2011, 08:01 Quote
Quote:
Originally Posted by AstralWanderer
The wording of EU Directive 2002/58/EC seems quite clear (section 25). Cookies and any other data stored on "terminal equipment" must have a "legitimate purpose" and even then consumers must be informed and given the choice of an opt-out (though as Jamie notes, this then needs an opt-out cookie).

That isn't clear since there is no real commital on what is a legitimate purpose. I consider remarketing to be a legitimate practice. I'm sure a lot of people would disagree though.

But one paragraph taken out of the whole directive is no use. Even the ICO's guideline document is intentionally vague, not setting out any concrete ways to meet the legislation.

The ICO have updated their own website with one possible solution. Frankly It looks ****, is a waste of time,and does absolutely nothing except inconvenience the user. It certainly isn't protecting privacy.
andyb123 27th May 2011, 10:29 Quote
Quote:
Originally Posted by Ayrto


If Vaizey and the Tories get their way, they will mess up the net in the UK.


don't forget that it was Labour that rushed through the Digital Economy Act 2010 which says that they can basically cut off your internet if they *think* you *might* have been downloading music
yougotkicked 30th May 2011, 21:03 Quote
well if nothing else, we can all take this as a entertaining reminder that politicians really don't understand what the people want, in a quite literal sense.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums