New EU Net Rules Set To Make Cookies Crumble

NickstaDB writes "From the BBC article: 'From 25 May, European laws dictate that "explicit consent" must be gathered from web users who are being tracked via text files called "cookies." These files are widely used to help users navigate faster around sites they visit regularly. Businesses are being urged to sort out how they get consent so they can keep on using cookies.'"

They will just bury it

They will just bury such "consent" in the EULA, privacy policy, terms and conditions, legal notices, and other such crud that no one reads.

Re:They will just bury it

Data protection legislation in the EU requires that explicit consent is given. That means clear, unambiguous, and upfront consent. You can't hide it in a blizzard of tick boxes or EULAs. Defaulting options to give consent won't work either.

Big business might try tor rely on a "permissive environment" of weak national regulators but the EU commission takes these things seriously. After stunts like data loss and Phorm they're wise to the tricks. Any wiseguy is just going to get their ass handed to them.

Re:They will just bury it

[andrea.sartori]

Yeah, sure, because a Yes/No guarantees the user has a) read the message, b) understood what this cookie stuff was, c) consciously clicked the "right" button.
Real world situation: "It asked me something." "What did ask what?" "Dunno, I just clicked OK."
Come on. 80% of the malware in the world is installed exactly after "gathering explicit consent from Web users".

Re:Thanks EU

[plover]

Great - what the internet needs is more regulation.

Thanks EU.

I think that's exactly what America needs: more EU regulation. We'll just host their sites over here, because we don't have to comply with their stupid laws.

Re:Thanks EU

[mrcaseyj]

IPv6 will give almost everybody practically static addresses, the ultimate undeleteable cookie. So the EU regulation will be futile very soon.

Tracking =/= cookie use

[mclearn]

Cookies have legitimate uses that have nothing to do with "tracking". Perhaps the issue comes with trying to interpret the specific language used rather that knee-jerk "everyone must opt-in". If your cookies are not used to track -- if you do not use, for example, Google analytics -- then you are not in violation. The article basically states this.

Re:Clue stick

[Malc]

I couldn't give a rat's arse how much it costs sites to comply. I'm glad somebody with sufficient authority is looking out for my privacy, because it's hard enough to do it by myself. Cookies have been a fundamental feature of the web for a long time as a way to make the web a better experience for users, but I certainly didn't ask advertisers et al to abuse this functionality for things that aren't in my interest.

Re:Thanks EU

[DarwinSurvivor]

HAHAHA. Says the guy who's country created the patriot act! American VPS companies have been losing lots of money because people don't want to put their data on a server in a country where the government can just go "This server is running on the same hardware as someone who MAY have sent a secret message to someone in IRAQ with a picture of a child, thus we are confiscating everything!"

Re:EU = make things harder

[cbope]

Sorry, you are looking at it from the wrong direction. The difference between the US and the EU is that the EU (or by extension the state governments that form it) are protecting their citizens from violations of privacy by corporations. You see, over here, we actually care about privacy and our governments do actually help to protect it. Done properly and where needed, regulation is a Good Thing(tm). Corporate Fascism hasn't yet fully taken over here in the EU as it has in the US.

All you have to do is look at areas such as telecommunications: The EU's mobile phone operators and ISP's provide FAR better service, better prices and a LOT more competition in this area than in the US. I live in a small country of only 5.2 million, and I can choose from literally dozens of mobile phone operators and I have multiple ISP's to choose from with very competitive offerings. I can shop for the best price and/or service. I am not limited to one or two major monopolistic operators or ISP's like in some parts of the US.

Just like the 2-party political system, which is a joke, you guys over in the States need to get over your long-held belief that regulation is bad. Regulation in the EU generally *protects* the consumer and their privacy and prevents monopolistic business practices. In the US, practically everyone believes in the invisible hand of the free market. The problem is the invisible hand is stealing from consumers pockets and stuffing the pockets of corporations. The invisible hand is NOT working in YOUR favor, it's working in favor of the corporations.

Now before a troll comes along and says I do not know what I am talking about, I am an American living abroad in the EU, for more than 10 years. I have lived and worked in both places and I have worked for both American and EU based companies. I can assure you, the EU way really is better and I cannot really consider living and working in the US anymore. It is a major downgrade on practically every metric.

Back to the original topic: tracking cookies. This regulation is in response to companies who abuse users by tracking them using cookies. This is unwanted behavior. Cookies were not originally intended for this use and since companies have been abusing cookies (and by extension the consumers/users), it calls for regulation since companies in the free market cannot be held responsible for acting responsibly. Companies will only do what they can to increase profits and/or market share unless forced to do something else. Regulating cookies for tracking behavior is needed and I do not have a problem with this. It protects me as a consumer since it is widely known to be abused. This is precisely why regulation is sometimes needed.

You may be willing to allow corporations to perform uncontrolled data mining of your online habits but I prefer to have control over that information since the information is open to abuse. There is no legitimate justification for corporations to collect this information other than to use it for their benefit. They are certainly not collecting it to help you as a consumer.

Re:Thanks EU

[Narcocide]

You got modded flamebait but in reality you've understated the situation quite significantly. When the feds come to bust a private host for something they usually take everything in the room that is even plugged into the same power line and all the networking hardware out to the wall, then they leave it up to the owners of the hardware to litigate for return of their property.

Ghostery for FF

[b4nd0ler0]

As for third party cookies: I use Ghostery on Firefox and it works pretty well and it's pretty unobtrusive once configured. It's amazing to see how many of these cookies are used and abused. Some sites have literally dozens of them. (./ has two: Google analytics and Addthis). FB and Twitter are major culprits, they have no business tracking me when I'm visiting some other site, I'm not one of their users and I don't give a sh`t about what they do. I support this legislation, we just don't know how much user data these companies are gathering and for what use so it's basically saying that you cannot track people that doesn't want to be tracked.

Re:Thanks EU

[Bobakitoo]

What if multiple people share the same computer?

The kids get to see pornography advertisments because you browser for porn last night. Fun for the whole family!

Re:Car anology

[Malc]

Hmmm, bad car analogy. As an owner and driver, I already have control over that. Perhaps it would be more like manufacturers putting a feature or governor in your car that makes it drive past some advertising slowly, without your permission... in which in my case I'd want the EU to regulate, just like I'm happy to see them doing something about abusive companies trying to track me for their benefit rather than mine.

Re:EU = make things harder

[lordholm]

Google requiring log-in = people start using bing (have they renamed it again yet?) / yahoo / altavista.
Really... this is what would happen.

I have seen plenty of people who, when encountering a log-in / register window, they just close the web-page and do something else. Come, to think of it, all sites requiring log-ins, would be a huge boost for productivity.

Re:EU = make things harder

[cynicist]

There is no free market in the US. There are lots of regulations and government intervention here, they just happen to be on behalf of corporations rather than individual citizens. One of the reasons you can choose multiple ISP's and we cannot is due to monopoly agreements granted to ISP's in the US. You have more favorable regulation in the EU to be sure, but don't pretend the problems in the US have anything to do with a lack of government involvement...

Re:Oh so important anti-virus scanners!

[wvmarle]

Well I agree with you that a cookie may not physically harm you; and that they are very useful tools for web site programming.

Yet the primary problem with cookies is the third-party cookies that ad networks place on your computer. So this ad network can track which web sites you visit. This has no use for you as end user; it only servers to give the ad network more information about you. They can see you visit slashdot, they can see you visit certain lolcat related sites, they see you visit amazon, they follow you whenever you hit a web site where their ads (and cookies) are served. And that is the problem they most likely want to tackle as that is where privacy is an issue.

Re:Thanks EU

[Snowblindeye]

IPv6 will give almost everybody practically static addresses, the ultimate undeleteable cookie. So the EU regulation will be futile very soon.

That problem has been solved by RFC 4941, otherwise known as the Privacy Extensions. Most OSes support it, though I believe some don't enable it by default. IIRC the iPhone is one of the devices that doesn't support it, but that should be fixable once IPv6 becomes more widespread.

Re:Wrong Solution

[Nursie]

Find a FF extension called "Cookie Monster" and then revel in th granular control you have once again :)