New law in EU outlaws most cookies

New http cookie law in EU. Websites in UK given 1 year to change their practices.

The new law on cookies in EU outlaws most cookies in use today, or requires that websites prompt the user about their use. The exceptions are cookies strictly necessary for a service to function properly. The new law mainly effects the unwarranted collection of personal data, such as that used by advertisement networks to track users, either trough Cookies, Web Beacons, or other mechanisms.

The Regulations require that users or subscribers consent. Directive 95/46/EC (the Data Protection Directive on which the UK Data Protection Act 1998 (the DPA) is based) defines ‘the data subject’s consent’ as: ‘any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed’. Consent must involve some form of communication where the individual knowingly indicates their acceptance. This may involve clicking an icon, sending an email or subscribing to a service. The crucial consideration is that the individual must fully understand that by the action in question they will be giving consent.

Cookie law Exception

You won't have to ask the users before you store all cookies, those cookies that are used strictly as a part of your site or application, to provide certain functionalities are still legal.

The exceptions would include, shopping carts and login systems using cookies. Etc. Only on the condition however, that the cookies ain't used for anything else, such as tracking users, gathering personal information without their consent. And so on.

The above means that most session cookies. I.e. Those used for login purposes, will be legal to use. Most persistent cookies, (cookies lasting longer than the duration of the visit), will be outlawed.

This exception is likely to apply, for example, to a cookie used to ensure that when a user of a site has chosen the goods they wish to buy and clicks the ‘add to basket’ or ‘proceed to checkout’ button, the site ‘remembers’ what they chose on a previous page. This cookie is strictly necessary to provide the service the user requests (taking the purchase they want to make to the checkout) and so the exception would apply and no consent would be required.

Commission Ignorance

The commission fails to recognize that there are other justified uses of cookies, such as remembering a users preferences, or tracking users internally on a site. All uses that will be outlawed in the new cookie law.

Modern website doesn't just rely on cookies, they might also rely on application caches as well as existing caching mechanisms, such as if-modified-since.

Also, tracking users internally on a site has been wrongfully labeled as a dubious activity.

Very much like in real life, users request URLs (Product) from the server (The Shop Keeper). The server in this case, works as the shop keeper, who has a memory of who is entering and leaving the shop, and even what they requested to buy. In this case the server records all requests made, this information can then be used to create an adequate, entirely anonymous site statistic.

Now, using session cookies for this purpose, would only make it easier to track users internally on a site, and wouldn't pose the same privacy issues as with those set by third parties.

So while Brugbart may agree about some privacy issues, we don't agree that you should always ask the user when you are going to place a cookie, because that would sometimes be the equivalent, as to asking the users about whether or not they want to cache the pages on your site. This would be the case when saving preferences, which could be considered a part of the online application or website. The only practical way to cache such, is by the use of cookies, unless the user is logged in.

Conclusion

While extensive tracking of users is bad, (usually archived trough cookies), the new law is worse, and very abusive and wrong in many aspects. It mostly overlooks the good uses of cookies, and outlaws nearly all uses by allowing the bad uses to block the view.

Brugbart will not comply with the new law, since its intruding, and in direct violation with the values Brugbart is build on.

We will however look into what information Analytics and Adsense is collecting more closely, and wait for official word on the matter from their sides. Hopefully they'll stop tracking users as extensively as they have previously done.

Hopefully other website owners will start to oppose this law, as it is intruding to website owners in many areas.

Post comment

Links that you insert are not nofollowed, but will be removed by admins if they are considered spam.

[url=Absolute URL for page]TITLE[/url]

You should insert code boxes around code examples, which will be automatically syntax highlighted.

[code1 html|css|javascript|php|sql]Your Code Here[/code1]

You may want to read our Privacy Policy before submitting your comment.

Links

  1. BlueBoden's Blog

  2. Broadcasting Service