Slashdot Mirror

← Back to Stories (view on slashdot.org)

"Breathtakingly Stupid" EU Cookie Law Passes

Posted by kdawson on from the uac-plus-plus dept.

Reader whencanistop writes with some details on an upcoming EU law that slipped under the radar as it was part of the package containing the "three strikes" provision, which attracted all the attention and criticism. "A couple of weeks ago we discussed the EU cookie proposal, which has now been passed into law. While the original story broke on the Out-law blog from a law perspective ('so breathtakingly stupid that the normally law-abiding business may be tempted to bend the rules to breaking point'), there has now been followup from a couple of industry insiders. Aurelie Pols of the Web Analytics Association has blogged on how this will affect websites that want to monitor what people are looking at on their sites, while eConsultancy has blogged on how this will impact the affiliate industry. In all of this the general public is being ignored — the people who, if the law is actually implemented, will have to proceed through ridiculous screens of text every time they access a website. I know most of you guys hate cookies in general, but they are vital for websites to know how people are accessing the sites so they can work out how to improve the experience for the user."

14 of 447 comments (clear)

  1. Michael by Anonymous Coward · · Score: 1, Interesting

    It may make common folk like me think about the extent that our personal information is collected and used, information that is a valuable commodity in current society and it's bought and sold with very little compensation to the rightful owner - the individual.

  2. I don't see the stupidity here by Skapare · · Score: 4, Interesting

    Maybe it's a bit harsh. But so are the abuses of cookies.

    Cookies are used to keep a shopping cart. That out-law.com article spells that out. Cookies are used to track logins on forum sites. There might be an implied consent, there. But to be sure, just ask for consent when users register. Previously registered users would be directed to the consent request page once the next time they try to login. Explain that the consent is for the cookie used keep their login state. Explain that without consent, the login process cannot be completed and the user would be limited to the access level of a non-logged-in user.

    Now, what else are cookies used for, that consent should not need to be given for?

    --
    now we need to go OSS in diesel cars
    1. Re:I don't see the stupidity here by Maxo-Texas · · Score: 4, Interesting

      You know the funny thing about companies that collect and sell my personal data?

      Their prices are higher than companies who do not.

      Krogers and Randalls both do this.

      HEB & Foodtown don't.

      Yet the same product at randalls and krogers *with the affinity card discount* is more expensive than the same product at HEB and foodtown. Sometimes dramatically so (25% or more- example, whipcream $5.29 with discount card vs $3.99 every day without card).

      --
      She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
    2. Re:I don't see the stupidity here by Skapare · · Score: 2, Interesting

      2. Affiliate marketing... There are a lot of other sites with good information (a book review site comes to mind) that I enjoy. They all keep the site running by giving affiliate links to the products, say to a book on amazon. Kill that for them, and you kill their revenue.

      Maybe you can explain why you think cookies is the only way to do this.

      So, would you propose that the people running these sites force the customer to consent before they allow them to use their services?? No, that won't work because they can only make them accept to their cookie, not the one downstream they actually get paid on. People have been so scared from cookie FUD that they will deny %90 of the time, and STILL kill many sites because their revenue has dried up.

      Maybe you can explain why the downstream site needs a cookie to accomplish affiliate marketing when other means, such as embedding a code in the URL, are available.

      I think this law, if they have to make one, should be more specific and say what you CAN'T use cookies for.

      Why? So you can make up new ways to abuse cookies?

      AND btw, affiliate links would be fine if we could JUST identify the computer, we do not need to identify the individual.

      That can actually be dangerous. The next person to come along might link to the same site, and they figure it must be the same person, and re-use their identifying info that first person voluntarily provided. I don't see how knowing that it is the same computer, but not the same individual, helps in marketing, when marketing is targeted to people. Computers don't (yet) make buying decisions.

      --
      now we need to go OSS in diesel cars
    3. Re:I don't see the stupidity here by Phroggy · · Score: 2, Interesting

      All kinds of things.

      Every time you visit my web site, a random quote is displayed. Which quote you get is stored in a session cookie, so every page displays the same quote as long as your browser remains open (this was a better idea when I had fewer quotes in my list; I'll probably change it, but that's irrelevant to this discussion). Another cookie tracks which quotes you've already seen, to ensure that if you come back tomorrow (with a new session), you won't get the same quote you just got yesterday. Once you've cycled through all of the available quotes, of course, it resets.

      Because I was extremely bored several years ago, there's some additional logic: if you've been to my site before, and I've added a new quote to the list since then, instead of choosing any quote at random, you'll be given the one that I just added. If you've never been to the site before, it just picks one randomly.

      Also, because I was extremely bored even more years ago, my site can be displayed with a variety of themes, most of which are intended to resemble windows on a computer desktop, on a variety of operating systems. The first time you visit the site, a theme is chosen for you based on your platform (as determined by your user_agent string), but you can change it just by selecting another theme from the list. Your preference is saved in a cookie.

      I do not track individual users. I have no idea who you are. I don't assign you a unique ID. But I am using cookies.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    4. Re:I don't see the stupidity here by Hurricane78 · · Score: 2, Interesting

      UUUM, WTF?

      By deliberately letting the cookie settings of YOUR BROWSER on "ACCEPT ALL", you ALREADY accept all cookies! That's why it's retarded.
      The website has nothing to do with that! The BROWSER is the one that has to implement the asking functionality. And those that I know already do exactly that.
      All we may need, is setting the installation default to "ask". Then most people will set it back, and nothing will change. Which is another reason the law is stupid.

      You know what I'm going to do? Add a small line on the bottom of the page: "Users from the European Union with automatic cookie acceptance are not allowed to enter this site!".
      Or something like that. Meaning, that I will state that everybody who entered my site, without that ask-first function activated in his browser, did illegally enter the site (which of course is bullshit which works well on politards), and thereby it's not my fault.

      There. Solved.

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
  3. I RTFA and don't find it to be all that bad at all by Anonymous Coward · · Score: 3, Interesting

    I don't see the problem at all.

    If you are running an Amazon affiliate program you should have no problem telling your users that by clicking on the link to the product you are recommending that you get a portion of the sale. If you can't admit to that, then you aren't being honest with your users.

    Likewise with Google Analytics. What's wrong with telling your users that you want to track how they access your site so you can improve it? Oh, there's the little bit about letting Google build up a profile on you. Well maybe someone will come up with an Analytics system that doesn't have a big brother behind the scenes.

  4. OK , so the first link... by Viol8 · · Score: 4, Interesting

    ... is to an old slashdot story which even says the initial write up is wrong and it has a link to a yahoo story which no longer exists. Come on guys , I know this is slashdot but try a little feckin harder for gods sake.

  5. Cookie consent at browser level? by RevWaldo · · Score: 2, Interesting

    Couldn't browsers be made "EU-compatible" and give users a settings checkbox that says (more or less) "I either don't care about cookies or I'm perfectly comfortable dealing with them on my own (either with plugins like CookieCuller or manually.) Bring 'em on!"? Or doesn't the new law allow that?

    --
    Prisencolinensinainciusol. Ol Rait!
  6. Kudos for refuting your own argument by Anonymous Coward · · Score: 2, Interesting

    Yes, grocery stores can match bank accounts and stuff. Reason why I pay cash and object vehemently to the "trend" where the combined stores are waging a vendetta against cash and are already trying to require use of electronic and therefore trackable means. All in the name of "safety" of course. Bunch of underhanded jackassholes.

    Thing is, there exist alternatives for cookies, too. Only, you'll need access to the webserver to get the logs and that makes it much harder for third parties to gather the data. There was this trend, maybe it still exists, where sites required cookie acceptance. So I accept them all and safely store them in /dev/null. No ``user experience degradation'', heck, no discernible difference. Coincidence? I Think Not.

  7. A few bad uses = all bad? by Cogneato · · Score: 2, Interesting

    There seems to be an assumption that cookies are almost entirely used for evil tracking of website visitors. People have brought up shopping carts and logins, but there are many, many other relatively minor uses for which cookies are useful. Are we to provide you with a disclaimer every time we want to make sure some little setting that you have clicked "sticks" as you jump between pages? Yes, there are other tools to do this job, but cookies are also a specific tool for a specific job.

    I find it interesting to hear many people claim the evils of cookies are so bad that they need to be outlawed, when in the end, it is the user's choice if they want to accept them. Isn't this akin to saying that we need to ban content on television or the internet because sometimes it could be used for evil? If you can use the argument of "just turn the channel" or "just don't go to those websites" in those cases, then why isn't the same argument good for people to just turn off cookies? If enough people do that, then the web developers will use a different tool to get the job done, and cookies will fall by the wayside. You have an "off" button on your cookies. If you don't like them, then use it.

  8. This is for THIRD party cookies only by american_standard · · Score: 3, Interesting

    If you're site is using cookies, no problem - this directive isn't going to affect you. If you're site loads third party cookies then this is what this law is addressing. There are legitimate uses for third party cookies, and your users will have no problem recognising and understanding those uses and probably consenting to the cookie. I'm guessing you're only going to be concerned if you're loading some advertising, affiliate stuff that you'd rather the user didn't know about. And check your logs - all those none IE visitors can already disable third party cookies easily in the browser preferences. If you're site, or revenue relies on using technology from the 90's then the EU is the least of your problems...

  9. Re:I RTFA and don't find it to be all that bad at by MikeBabcock · · Score: 2, Interesting

    As an employee of an advertising company, your usage knowledge is biased in that direction. As a long-time web designer who does not try to monetize most of my offerings, I use tracking cookies to simplify site design and to understand how users navigate and help them save preferences on those sites without asking them stupid questions like Windows Vista.

    --
    - Michael T. Babcock (Yes, I blog)
  10. Re:I RTFA and don't find it to be all that bad at by whencanistop · · Score: 2, Interesting

    Thanks for the personal attack. Really appreciated it.

    You do not make websites better by guessing what the user wants. Your own slashdot website probably has someone who looks at what people do, looks at how many people comment and generally advises on which are the most popular links. This helps them work out which stories are interesting to you and not a load of garbage. It also helps them work out what tags submissions should be grouped together based on the likelihood of users to read certain types of submissions.

    Using cookise for advertising is completely different. You're using your cookies to make sure that either the money you spend gives you the biggest return (ROI). You're thinking about this the wrong way around though. You're thinking from your perspective as an advertiser (or someone who works for one). I, as a user, want to be able to click on ads of things I want to buy. Your job, as an advertiser of things I want to buy is to give me those ads at the right time and in the right place. You can't make someone buy something they don't want to. You can make it a lot easier for them so they don't get psised off and go to your competitor.