UK "No Tracking Law" Now In Effect

Fluffeh writes "The British Gov might have more cameras up on street corners than just about anywhere else in the world, but it seems that the Gov doesn't want anyone else stepping on the privacy of their folks. In what the media have dubbed the 'Cookie Law' all operators of websites in Britain must notify users of the tracking that the website does. This doesn't only cover cookies, but all forms of tracking and analytics performed on visitors. While there are potential fines up up to 500,000 pounds (Over US$750,000) for websites not following these new rules, the BBC announced that very few websites are ready, even most of its own sites aren't up to speed — and amusingly even the governments own websites aren't ready."

do as I say, not as I do.

[Nyder]

Been hearing this my whole life.

Re:do as I say, not as I do.

You have the voice of god in your head!

Re:do as I say, not as I do.

[I+disagree+I+rape.]

About eight months ago, I was searching around the internet to find out why my computer was running so slowly (it normally ran quite fast, but had gradually gotten slower over time). After a few minutes, I found a piece of software claiming that it could speed up my PC and make it run like new again. Being that I was dangerously ignorant about technology in general (even more so than I am now), I downloaded the software and began the installation. Mere moments after doing so, my desktop background image was changed and warnings that appeared to originate from Windows appeared all over the screen telling me to buy strange software from an unknown company in order to remove a virus it claimed I had.

I may have been ignorant about technology, but I wasn't that naive. I immediately concluded that the software I'd downloaded was, in fact, a virus. In my rage, I broke numerous objects, punched a hole in the wall, and cursed the world at the top of my lungs. I eventually calmed down, cleared my head, and realized that the only remedy for this problem was a carefully thought out plan. After a few moments of pondering about how to handle this situation, I decided that since I barely knew how to properly handle a computer, I should turn it over to the professionals and let them fix the issue.

Soon after making the decision, I drove to a local computer repair shop and entered the building with my computer in hand. They greeted me with a smile and stayed attentive the entire time that I was explaining the problem to them. They laughed as if they'd heard it all before, told me that I'm not the only one who has trouble operating computers, and then gave me a date for when the computer would be fixed. Not only had they told me that the computer would be completely repaired in at most two days, but the price for their services was surprisingly low, and to top it all off, they even gave me advice for how to avoid viruses in the future! I left the building feeling confident in my decision to seek professional help and satisfied knowing that such kind-hearted people were the ones doing the job.

The very next day, I received a phone call from the computer repair shop whilst I was at a local library researching computer viruses. I had stumbled upon a piece of software that appeared to be very promising, and I was about to do more research on it, but seeing as how I required my computer as soon as possible, I decided to put the matter on hold. Upon answering the phone and cheerfully greeting the person on the other end, I was greeted with a high-pitched shriek. Startled, I asked what was wrong. A few moments passed where nothing was said, and suddenly, the person on the other end said to me, in a low voice oozing with paranoia, "Come pick up your computer." They hung up immediately after saying that, and I couldn't help but notice that they sounded as if they were on the verge of tears. I briefly wondered if it was due to stress from work, and then drove to the computer repair shop to acquire my computer.

I was positively dismayed upon entering the building. The inside of the computer repair shop looked nothing like the image from my memories. There were broken computer parts scattered throughout the room, ceiling tiles all over the floor, blood splattered in every direction I looked, and even a human toe on the ground. After processing this disturbing information, I began panicking and frantically looking around for my computer. I spotted an employee covered in blood sitting up against the wall, and noticed that his wrists had been slashed open. Thinking quickly, I ran up to him, grabbed him by the collar of his shirt, shook him around, and began screaming, "Where is it!? Where is my computer!?" After a moment of silence, he passed away, completely shattering my expectations. "What a meaningless individual," I thought.

Enraged, I tore the building up even further than it already had been in my desperate search for my computer. Eventually I discovered a door leading to an area that was normally only accessible

Re:do as I say, not as I do.

I can't believe I wasted my time reading that. That was positively the most mind-numbing thing I've seen on slashdot. I thought I was on 4chan for a minute there. However, it was slightly entertaining and you got me to respond, so well done.

Re:do as I say, not as I do.

This proves that corporations control government. Oh, wait...

Re:do as I say, not as I do.

[Anonymous+Brave+Guy]

In this case, it seems to be more a case of "Do as the European bureaucracy says, not as we do, but our guys won't really go after you if you're being reasonable about the spirit of the rules anyway, as long as you don't take the piss."

Re:do as I say, not as I do.

[Splab]

Silly to post something like this when European obviously aren't around to debunk the crap in TFA.

It's not about the British Government not wanting others to snoop on their citizens; the no cookie law is a European mandate and all member nations are required to implement it within the next few years.

And yes, most sites are going to have some real trouble implementing this.

Re:do as I say, not as I do.

[dave420]

I'd like to know which site they are referring to, as it seems there are plenty of cookies which are allowed to be used without any notice at all. It would appear, so far, this is just more "lol! stoopid government!" stuff. It would help you to check this stuff out before leaping on the bandwagon and making it worse.

Re:do as I say, not as I do.

True. It could be a nice thing, but my paranoid side says it's the people paying the government and the government paying the government that results from this.

Re:do as I say, not as I do.

[DrXym]

It's not too hard to conform with the rules. It mainly involves getting user consent before issuing tracking cookies. i.e. a web filter might test for a user-has-consented-to-tracking cookie and redirect them to an informational page explaining what cookies or data is stored on the user's machine and what it does. If they click OK then the user-has-consented-to-tracking cookie is set and it's business as usual.

Cookies to do with security, checkout baskets etc. are largely exempt. The law is to control analytics cookies from advertisers, sites that remember users and so forth.

A bigger issue is this law is going to be hideously hard to enforce, there are plenty of edge cases to consider (such that the guidelines are 30 pages long) and at the end of the day it's not really doing much for the user. I think it would have been better to oblige EU sites under law to honour a "do not track" cookie sent by the browser with various levels of privacy control.

Re:do as I say, not as I do.

[Impy+the+Impiuos+Imp]

So nobody gets to observe you intrusively and in detail...except the one entity proven to be vastly the most harmful to human existence, as shown by actual historical evidence. Indeed, the vast bulk of history is this evidence itself.

Also as learned from history, nobody learns from history.

Re:do as I say, not as I do.

In this case, it seems to be more a case of "Do as the European bureaucracy says, not as we do,

I guess you'd prefer that they went full-out police-state like the American bureaucracy did.

Re:do as I say, not as I do.

[multicoregeneral]

Is that what they call it now? I always called him bob.

Re:do as I say, not as I do.

Even then, the EU is a toothless body whose only real actions have been against US firms mainly because they are an easy target and tend to not have the favoring mindshare of juries as native companies do.

I'm sure larger websites will just snicker at them and continue business as usual with the analytic sites and third party tracking systems. Maybe offer a bone or two at most, and just let a third party tracking site do the work so the website can say they don't do much.

If the EU wants to actually step in and do something for privacy, they should start looking at whom apps communicate to. Fire up Firewall IP on a jailbroken iPhone, and you will find that most apps communicate with a shit ton of sites that have zero to do with anything the user wants to do, and this communication is continuous.

Until the EU actually does something for privacy, their only real goal it seems it just to go after US firms to justify their existence.

Re:do as I say, not as I do.

First off, it's "Bob".

Next, you misapplied the quote. The proper quote is:

"I don't practice what I preach because I'm not the type of person I'm preaching to."

Get it right, next time.

Re:do as I say, not as I do.

Lawmakers should hire programmers to make tools to test if sites are complying, without sending non-complying data back to the gov. That way, webdevs can tell if their site is legal without putting it online to see if they get sued.

Re:do as I say, not as I do.

[vgerclover]

This reminded me of Metropia.

Re:do as I say, not as I do.

[Splab]

No wonder you are posting as AC, what a load of bollocks. The European Union are by no means toothless, and sure as hell aren't specifically targeting US companies. Last year, some billion euro class fines where handed out to local price cartels, the reason you don't hear about it is a. you got your head stuck firmly in your arse or b. only reading news spoon fed by your US propaganda machines. (Well, one could argue they are the same...)

Re:do as I say, not as I do.

[jmactacular]

This is key, making the distinction for what the *purpose* of the cookie is. I hope they got that right in the legislation. Tracking cookies are probably fine to regulate. But they need to make sure they're not interfering with the stateless nature of the protocol we have to work around by using cookies, for keeping people logged in, shopping carts, or knowing this person has consented in the first place.

Re:do as I say, not as I do.

[ShieldW0lf]

So nobody gets to observe you intrusively and in detail...except the one entity proven to be vastly the most harmful to human existence, as shown by actual historical evidence. Indeed, the vast bulk of history is this evidence itself.

Also as learned from history, nobody learns from history.

You're insane. And when I say that, I mean you've got a fundamental disconnect from reality.

If this "entity" was so harmful to human existence, evolution would have destroyed it and it's adherents long ago.
 
If you want to effect real change, you need to make things that are necessary but onerous obsolete, and that starts with acknowledging that the intrinsic value of those patterns you hate is so significant that it's been overcoming the objections of the unsophisticated since before you hit the scene. If you can't see the merit of what you're trying to replace, you'll never succeed in creating a replacement.
 
Cultures whose sense of outrage leads them to recoil from paying costs that are necessary quickly become extinct. Then, a hundred years later, when all traces of their failed efforts are erased, it's touted as "novel" and "progress".

Re:do as I say, not as I do.

[mSparks43]

They day I have to do anything on the internet under government regulation.
Is the day I use a different internet.

Re:do as I say, not as I do.

[BlueStrat]

If this "entity" was so harmful to human existence, evolution would have destroyed it and it's adherents long ago.

No, he's got it basically right.

Fire is harmful to human existence as well, yet fire and it's users have flourished. Government is like fire. Simultaneously very useful & necessary, as well as dangerous & lethal in the extreme.

Both government and fire must be used only where and when necessary, and in only the quantities, size, and intensity necessary to accomplish the task, and there must always be strong safeguards against either spreading out of control, as left to their own, both will grow as rapidly and as large as possible, finally consuming everything.

Fire is less dangerous, for at least fire cannot spread across oceans to find more to destroy as can governments.

Strat

Re:do as I say, not as I do.

This falls under the [Citation Needed] category. What "price cartels"? Got any references?

On the other hand, we see US companies like Microsoft and Google repeatedly raked under the coals with extreme concessions have to be given in order for them to even continue operating in Europe. Microsoft is definitely not innocent, but they are often scrutinized when some muckety-muck wants to appear like they are doing something, and US companies are easy low-hanging fruit to go after.

Re:do as I say, not as I do.

[Scoldog]

Didn't you say his name was Herbert?

Re:do as I say, not as I do.

[shiftless]

No, you're a dumb ass who didn't learn from history. GP has it right

Re:do as I say, not as I do.

[shiftless]

It's not too hard to conform with the rules.

Sure, that's always how it starts. Then eventually they pile more and more and more and more fucking rules on everybody, until the whole goddamn thing collapses inward on itself from the weight of all the "know better than yous" and their "this is for your own good, I promise" "rules."

Fuck this bullshit. If I don't web sites tracking me, then I should not a) run insecure software which allows them to do so, or b) visit said web sites. More laws is NOT the answer.

Re:do as I say, not as I do.

[Splab]

Too bad neither Microsoft nor Google makes a search engine for you to go search for stuff like this huh?

http://ec.europa.eu/competition/cartels/cases/cases.html

Re:do as I say, not as I do.

[multicoregeneral]

It totally could have been. I'm great with faces. Names, not so much.

Re:do as I say, not as I do.

You're insane. And when I say that, I mean you said something I don't want to agree with but don't know how to refute

You are lying when you tell yourself that you could possibly have ever meant anything else.

Idiots

There sure a bunch of dumb motherfuckers in Europe. Obligatory: by reading this post, you agree to accept the embedded tracking cookie. Ha ha, dumb fucks.

Re:Idiots

It's true, Europe is the worst country in the world.

Re:Idiots

You remind me of how fucked up and retarded Europeans are. To wit: when the dumb fucks want to brag about something, it's a "European" accomplishment. Doesn't even matter if the shit happened in Hungarian and you live in Norway, you somehow want to take credit. But when some bullshit goes down, like this shit here in the UK for example, suddenly Europe is back to being a group of completely unrelated political entities again. Fucking hypocritical fuckwads.

Re:Idiots

You could say exactly the same thing about Americunts.
USA! USA! USA! USA! USA! DEEERP!

Re:Idiots

This is why I left slashdot and only come back once in a blue moon.

The community here has died and been replaced by these people.

Re:Idiots

Simple:

If it happens in the UK it can't be a "European" thing, since the UK barely belong to the EU. (Norway doesn't belong to the EU either by the way).

If it happens anywhere else in the EU, be it Hungary, Greece, France, Germany, Belgium or whatever, then it's either an European accomplishment or European shame.

Just remember very few people consider the UK as a full EU member and you'll understand better.

Re:Idiots

It's true, Europe is the worst country in the world.

Europe is actually a continent.

Re:Idiots

No, it's a cuntinent. Get it?

Re:Idiots

[dave420]

Eh? The UK is a member of the EU. That's that. Being in the EU is one thing - membership in the EU. Once that's achieved, the country is a "full" member of the EU. I seriously don't know what you're on about.

Re:Idiots

[They'reComingToTakeM]

Europe is a continent, not a country

Re:Idiots

[Marc+Madness]

I believe the UK still use their own currency.

Re:Idiots

Membership in the EU or the EEC is not the same thing as membership in the Euro (i.e. the currency). The UK is very much part of the EU despite not using the Euro.

captcha: "informs"
Fancy that.

Re:Idiots

[jones_supa]

Then by all logic, ain't you in part fault for that by leaving?

Re:Idiots

[Gonoff]

Our press and conservatives required that this happen. Our press is controlled by the same person that controls your Fox "news" and our conservatives are so right wing that they are the most right-wing mainstream party in Europe.

Both of these nasty groups are overjoyed at the financial problems in the Eurozone.

Re:Idiots

Sound off the sirens! We have an idiot who doesn't understand sarcasm! ALERT! ALERT! Stupid-ass people are afoot!

Re:Idiots

Bahaha! Soooo many fucktards on /. today! Its amazing. You, sir (or madam), deserve a back-handed slap across your face and a kick in the groin.

Re:Idiots

[FreedomOfThought]

I wasn't sure how to moderate this. I'm pretty sure its a super-effective troll. Yet some part of me suggests you might actually be serious so I opted out of wasting a mod point.

Re:Idiots

[Anonymous+Brave+Guy]

Our press and conservatives required that this happen.

Well, them and a strong majority of the British public consistently wanting to stay out of the Euro. But this is Slashdot, so let's not let facts get in the way of a good rant.

And of course, jokes about similarity aside, the Tories haven't actually been the ones running the show since Tony Blair's first New Labour administration took office in 1997. The Conservatives have been the more powerful party in the current coalition since 2010, but for some reason, in the past couple of years no-one from any major UK party has been suggesting that we join the Euro any time soon.

our conservatives are so right wing that they are the most right-wing mainstream party in Europe.

I don't know how true that is, but in any case, the politics in most countries in Europe is rather strongly left-leaning by global standards, in much the same way that both the main parties in the US would be regarded as quite far to the right on a global scale.

Both of these nasty groups are overjoyed at the financial problems in the Eurozone.

Yes, because what we really need right now is for some of our closest neighbours and major trading partners to suffer severe financial problems that will keep our own economy down for a few more years without anything we can do about it. That will definitely help to advance the interests of both of the groups you mentioned, and of course to help the Conservatives to win the next general election outright as they presumably want to.

Re:Idiots

[1s44c]

Eh? The UK is a member of the EU. That's that. Being in the EU is one thing - membership in the EU. Once that's achieved, the country is a "full" member of the EU. I seriously don't know what you're on about.

The UK is in Europe, however it doesn't use the Euro and people in the UK consider Europe to be 'them', not 'us'.

The UK government happily breaks EU laws on stuff like DNA retention and tobacco imports every day. People take the UK government to the European court and win nearly every time yet the UK carries on ignoring EU law.

Re:Idiots

[1s44c]

Membership in the EU or the EEC is not the same thing as membership in the Euro (i.e. the currency). The UK is very much part of the EU despite not using the Euro.

And despite ignoring EU laws over and over again. Google prisoner voting rights.

Re:Idiots

our conservatives are so right wing that they are the most right-wing mainstream party in Europe.

...and yet on that political axis still fall far short of the US Republicans.

And thankfully the CoE influence on them does not determine policy in anything approaching the same degree as more extreme Christianity does the Republicans.

Re:Idiots

[dave420]

... which has precisely nothing to do with being an EU member.

Re:Idiots

That of course doesn't happen in the US. When some folks in Texas want to have creationism in their schools, there is not a single american out there that would suggest its only Texas being the retards.
I mean, with 9/11 you guys sure tried your very best to make every american feel that loss. Looking at the amount of taxpayers cash that went into it, afterwards.
But I still wouldn't call that the same.

Re:Idiots

[dave420]

Which is their prerogative to do so, and still be a member of the EU.

Re:Idiots

[Angostura]

You might like to Google the relationship between the European Court of Human Rights and the EU.

In the meantime, I'll give you a hint - the ECoHR is not an EU body.

Re:Idiots

[Angostura]

Where to start on this post. Let's kick off with DNA retention. Firstly it was the European Court of Human Rights that ruled on this - and that court is not an EU body, and has nothing to do with the EU. Secondly the UK Supreme Court has also ruled against the UK government on this one, and the government is **still*8 dragging its feet, so by your definitions, presumably the UK is not part of the UK since the UK government dissed a UK court.

Tobacco imports? As far as I can tell the UK is not breaching any elements of EU law on imports and indeed last time it came up the EU courts ruled in the UK's favour http://www.guardian.co.uk/technology/2006/nov/24/news.retail

Re:Idiots

You are talking rubbish. The UK is in Europe and a full member of the European Union. It is not a member of the Eurozone, which is limited to those countries which use the Euro as their currency. Britain is by no means alone in this regard within the EU.

The UK does NOT break EU laws with the sort of abandon that you suggest. For example, the problem with not being able to extradite Abu Qatada initiaily was caused as a result of the European Court of Human Rights saying that it would contravene European law if it went ahead. The UK then had to negotiate with Jordan for specific assurances that evidence obtained through torture would not be used in any legal proceedings taken in Jordan which is why, today, we are still waiting for the extradition to take place. There are numerous other European laws that the UK has had to implement by being a full member of the EU.

All, or perhaps I should more correctly say most, EU countries breach one or more EU laws when those laws clash with local culture, traditions or standards. Each EU nation is then responsible for fighting its own corner to explain why its position should be seen as the exception. For example, open air markets selling goods not meeting EU quality standards or access to many places for the disabled in France.

Re:Idiots

[WillDraven]

I mean, with 9/11 you guys sure tried your very best to make every american feel that loss. Looking at the amount of taxpayers cash that went into it, afterwards.

And yet we still haven't rebuilt the damned towers. You'd think we could at least get a couple cool skyscrapers out of the damned trillion dollars we've pissed away on wars and homeland security.

Re:Idiots

[dave420]

Go back to drinking the Kool-Aid. There is no single "press" in the UK.

Re:Idiots

[Impy+the+Impiuos+Imp]

> Doesn't even matter if the shit happened in
> Hungarian and you live in Norway, you somehow
> want to take credit.

I think you mean "...and you live in Norwegian..."

Re:Idiots

[Col.+Bloodnok]

Try finding anyone in the UK who gives a damn about prisoner voting rights. Prisoners abused other people's rights, which landed them in prison.

Being in prison removes several rights, the most notable being freedom of movement. In this case, it limits freedom of movement to and from polling stations.

Re:Idiots

Ha, the UK is more "in" Europe than any other country bar Germany. Can you name any other country that so slavishly implements directives? Where the politicians are so fanatically pro-EU? Sure, the population think the government is anti-Europe but the population are idiots and easily misled, imagining that their "pounds" and their "pints" are a sign of some national independence, when they are really nothing more than a regional indulgence granted by central government. And the press reinforces this, by publishing either "Euroscepticism" or complaints that we are just not European enough. It works. It works brilliantly. We are ultra-European Unionists; the EU is our way of government.

Re:Idiots

Name three UK national newspapers controlled by Mr Murdoch.

The Times. The Sun. And....?

Name three American national newspapers controlled by Mr Murdoch.

The Wall Street Journal. The New York Post. And....?

He's not nearly as all-powerful as you think. Most media has nothing to do with him, in Britain and America.

Re:Idiots

It's true, Europe is the worst country in the world.

Europe is not a country captain dumbass.

Re:Idiots

At least in the country of Europe we understand sarcasm.

Re:Idiots

[gl4ss]

doesn't matter what it is, it's the perfect comeback to the "Europe is a country" line. hilarious.

Re:Idiots

I guess you suffer from the same thing that makes Americans sometimes seem fucked up and retarded over here: a distorted view presented by the media. I'm not aware of anyone that I know who's proud of "European" things that were done a few countries away. There seems to be some increase in national pride in response to the things people don't like about the EU, but it doesn't come close to reciting a pledge of allegiance in schools.

Re:Idiots

[snakeplissken]

Try finding anyone in the UK who gives a damn about prisoner voting rights.
i give a damn, never been to prison, hope never to go, but who knows what laws might get put on the books that make me a criminal for otherwise moral behaviour; if that hasn't happened already!
and as for the dangers, well unless politicians start canvassing on the 'let all the murderers out of jail' ticket. what harm will having murderers voting do to you? whereas say a politico is on a 'marijuana should be legal' kick. then why is the opinion of a convicted druggie on the subject less worthy than say, mine?

i see that you feel that lack of voting is a reasonable punishment for social misbehavior and i can't argue from first principles that you are wrong, i just wanted to point out that i don't see the harm to society in prisoner voting, and i feel that if the punishment is liberty deprivation then we should make that the punishment and not lay other things on top. remember that there are innocent people in prison, they can never be given their liberty back, but they could get to keep their franchisement?

Re:Idiots

[snakeplissken]

i don't live in america so perhaps i'm wrong but i get the impression that for ordinary folk papers are not news sources, fox tv news and the like are, whereas in the uk it's the other way around. there are national tabloids that politicians like to court to woo the populace with all their attendant bias and agendas, with the uk tv news being far less partial and shrill - though not perfect by any means.

Re:Idiots

[blackest_k]

When you say media you ignored Sky and Sky News in particular is not limited to sky subscribers and is fta in various forms. With the digital switch over Murdoch has pretty much everybody in the UK's eyes covered.

Has everyone forgot that the sun on sundays website was registered prior to the closure of the news of the world? Murdoch knew he couldn't save the news of the world after the phone hacking scandal and so stopped the presses for a while.
The sun on sunday is as much the news of the world as Sellafield and Windscale

Re:Idiots

The parent post did specifically say

``Our press is controlled by the same person that controls your Fox "news"''

Hence the reference to newspapers. But even if you include broadcast media, Murdoch only has control of one of the four major over-the-air networks. He also has nothing to do with most cable stations. Really, if it's not got "Fox" in the name, it's not Murdoch. He's a big player, for sure, but his share is relatively small, and there are bigger sharks in the pool. Why does nobody complain about the malign influence of the New York Times, or MSNBC? Well.. I suppose some people do, but they're the wrong sort of people, and their opinions hardly matter.

Meanwhile in the UK, things are even better. Murdoch does not control any major free-to-air channel. Fox News sits next to CNN, Russia Today and News 24, and gets less viewers than any of them. Uncle Rupert is powerless next to the BBC brand name, which is quite simply the first port of call for the vast majority of people.

As to the influence of the tabloids, it's as overstated as the influence of the politicians themselves. Imagine a Britain where Mr Cameron really was in charge, and the opinions of voters actually mattered. The horror, the horror.

Re:Idiots

[lgw]

It's very generational in the US. The old still read the papers, the middle aged get news from the TV, the young increasingly the Internet. There's hope there - by its nature the Internet is hard to control, and while any given place is likely partial and shrill, they never sing the same song.

The uniformity of narrative (well, 2 narratives) in TV/radio/press in the US is scary sometimes. People feel smart because they believe in Narrative A, and get A reinforced constantly, and only morons listen to Narrative B after all. When of course both are crap.

Re:Idiots

[SimonTheSoundMan]

You're new here. I think what you were supposed to write was "whoosh!"

Re:Idiots

Thank you for this comment. angelina

You maniacs! You blew it up!

[jholyhead]

This is another example of what happens when you let computer illiterate politicians have a say in technology regulations

To be fair, the ICO has proven itself utterly inept when it comes to enforcing its own regulations - I can't see them doing any better with this idiocy.

Re:You maniacs! You blew it up!

[bbn]

Why is killing ad-tracking "blowing it up"? Are you sure it is not you that is illiterate? Try reading up on the subject...

They did not ban cookies. They are banning tracking. Not the same thing.

Cookies are ok when necessary for the functionality of the website. Login cookies, webhops and so on are all ok.

Re:You maniacs! You blew it up!

[crutchy]

i think its pure genius...

the government doesn't have to prosecute, but if they're feeling a bit strapped for cash, they can just look up a database of offenders against this tracking cookie regulation and... chi-ching... easy money!!!

...other countries will be sure to follow suit soon enough

Re:You maniacs! You blew it up!

They are not banning anything. They are requiring notifying user about tracking. Not the same thing.

If this means that every site just shows something like "We use cookies to give you best experience and provide relevant advertising. We also use few analytics scripts", people will simply start ignoring it just like they're clicking through EULAs now. After that, websites could even easily get people to consent to "... and also we'll watch you while you touch yourself. Here, we warned you" - most won't even notice.

Re:You maniacs! You blew it up!

No. They're not. A good starting point for "reading up on the subject" is the law, for example, and if you read this section:

a person shall not store or gain access to information stored, in the
terminal equipment of a subscriber or user unless the requirements of
paragraph (2) are met.
(2) The requirements are that the subscriber or user of that terminal equipment-
(a) is provided with clear and comprehensive information about the purposes of
the storage of, or access to, that information; and
(b) has given his or her consent.

Regulation 6 of the Privacy and Electronic Communications Regulations 2003 (PECR) *

you'd realise that this applies to *all* cookies. The only questionmark at the moment is whether signing up for a site indicates "implied consent".

* taken from http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/~/media/documents/library/Privacy_and_electronic/Practical_application/cookies_guidance_v3.ashx

Re:You maniacs! You blew it up!

[bbn]

People need to actively accept that you are tracking them. Just showing such text somewhere is not enough. Few sites are going to want people to read terms and require people to click accept before giving access to the site. Also you need to provide a way for people to opt out again (required).

You need to be specific about each cookie and what you are going to use it for. If you ever add another cookie or change the use of the cookies, you need to ask permission again. Text such as "we use a few analytics scripts" is not enough. If you are using a third party tool like Google Analytics, you need to specify everything Google is going to use the data for. Since Google wont say at this point, you simply can not in any legal way use Google Analytics at this point.

Re:You maniacs! You blew it up!

[dave420]

No, it applies only to cookies which are not exempted. You should read the very document you posted, as it has it all in there.

Re:You maniacs! You blew it up!

[Anonymous+Brave+Guy]

People need to actively accept that you are tracking them. Just showing such text somewhere is not enough.

Actually, the ICO seems to have pulled a complete U-turn with 48 hours to go, and now says that implied consent can be enough.

Whether that will stand up to the seemingly inevitable legal challenge in the European courts remains to be seen, but I suspect even the ICO think this is a dumb law behind the scenes, and their language has been softening substantially in recent weeks relative to their early advice.

Re:You maniacs! You blew it up!

[1s44c]

Fascists don't want money, they want power. Money will just turn up as offerings from servants. The fascist dream is an abhorrent crime with a heavy punishment that everyone is guilty of.

Anytime you don't seem subservient enough they lock you up for this crime whilst ignoring everyone else who did nothing to get their attention.

1984 called it 'thought-crime'. The UK government recently re-branded it 'terrorism' and removed the requirement to have any evidence whatsoever. Maybe they want to expand their list of criminals to everyone with a website.

Re:You maniacs! You blew it up!

[Angostura]

Actually a new interpretation of the rules from ICO last week changes this. Presumed consent is now OK-ish.

Re:You maniacs! You blew it up!

[bbn]

They are confused. It is not possible to tell the user and at the same time not tell the user. It is very clear what you have to tell the user BEFORE setting any cookies, implied or not. So you need a landing page either way.

The problem with Google Analytics is that Google is not telling what they are going to use the data for. You can not tell the user what you do not know yourself. So it is impossible to use Google Analytics until Google change their ways.

Re:You maniacs! You blew it up!

People need to actively accept that you are tracking them.

Nope. They've muddied it with "implied consent". Also, you can require it as parts of terms and conditions when signing up (doesn't work for already registered). Couldn't find much on specific details of opting out, except for "must inform about loss in functionality", but my guess is "Well, we're disabling your account, then" might be acceptable. In other words, my central point still stands - users will just say "Get out of my way and let me post on my wall!" and click Accept, just like they do with EULA's and ToS's now. .

If you are using a third party tool like Google Analytics, you need to specify everything Google is going to use the data for. Since Google wont say at this point, you simply can not in any legal way use Google Analytics at this point.

Not really, ICO themselves use GA. The notification also doesn't have to be very detailed, but have a link to policy. Combined with implied consent bullshit it gives a lot of wiggle space for site owners.

Re:You maniacs! You blew it up!

Before entering the webpage you must agree to the following terms and conditions.

You consent to the terms and conditions in our cookie and privacy policy (checkbox) and that you are over 13 and can consent to a webform (enter age).

yes (main page)
no (button does nothing)

Re:You maniacs! You blew it up!

[bbn]

ICO are clearly morons. They write this about their use of Google Analytics:

"These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited."

I am sure this is all correct. But what about _Google_?! What are THEY using the data for? This is also the responsibility of the site owner (ICO).

The fact that the government is breaking the law does not change the law.

The danish government is a bit more knowledgeable. The danish version of these rules are very clear and easy to understand and there is no implied consent bullshit. And I think the UK version does not have implied consent either in the actual law.

Re:You maniacs! You blew it up!

[bbn]

Exactly. Few sites are going to want to do that. They might try what the UK government does on the ICO site (check the bar at the top): http://ico.gov.uk/. However few users is going to click yes in that bar.

Re:You maniacs! You blew it up!

Ummm, if you didn't notice, ICO stands for "Information Commisioner Office" and they're in charge of interpreting and enforcing this shit.

I trust they'd make sure not to fall afoul of their own regulations, and in their guidelines on this law there was a bit to the effect "You could use our policies as a template", IIRC.

Re:You maniacs! You blew it up!

Yes, implied consent can be enough.

If you read the whole guidance document (v. long and boring) you'll see that website operators are required to think about each cookie and the purpose it is used for. A cookie that is used solely to track a logon could be assumed to have implied consent once the user logged on. However, any other tracking cookie issued by the site (or its advertising partners) would require explicit consent. Even the logon cookie would require explicit consent if it was used for any other purpose than managing the logon session.

The implied consent is very limited and (to my mind) very reasonable.

Re:You maniacs! You blew it up!

[Anonymous+Brave+Guy]

You're conflating two issues.

If a cookie is strictly necessary to do something the user has directly requested, all this new silliness was never going to apply anyway. That takes care of session cookies for logging in, shopping carts, and so on.

It's when you start getting into areas like analytics that are not strictly necessary from the user's point of view that you cross into a grey area, and that's where the whole opt-in/opt-out (or, if you prefer, explicit/implicit consent) issue arises.

Re:You maniacs! You blew it up!

[crutchy]

despite all the rest, possibly one good thing that might come out of it is a slight improvement in performance of some websites that opt out of using tracking due to potential for user backlash/abandonment

i personally hate those 1x1 pixel iframes that load go-knows-what 3rd party rubbish that chokes up my connection

one can only hope

Re:You maniacs! You blew it up!

I like how the links don't work if you haven't clicked on the accept button.

Re:You maniacs! You blew it up!

[Kalriath]

You might notice that until you agree to the cookies, the ICO doesn't actually include the GA script in their pages. Goes to show they don't believe they have enough control over Google to ensure that the no cookie rule is followed.

Re:You maniacs! You blew it up!

Why is killing ad-tracking "blowing it up"? Are you sure it is not you that is illiterate? Try reading up on the subject...

They did not ban cookies. They are banning tracking. Not the same thing.

Cookies are ok when necessary for the functionality of the website. Login cookies, webhops and so on are all ok.

Those can all be done without cookies. It's called key-values in the URL or hidden form fields.

The advertiser cookies are done for things like limiting how often you see the same ad, but this is gonna screw it all up.

WIll be very fun to see Gizmodo.co.uk warn...

because atm, ghostery reports 10 diffrent tracking entities.

Pretty much emotional stageplay

At the same time as this happens across all of Europe, they roll out INDECT and the Data Retention Directive.

How about I follow each of the MEPs around and write down on a list everyone they speak to, when they speak and where, over the course of 6 months? That would probably mark me as a terrorist.

Re:Pretty much emotional stageplay

[1s44c]

That would probably mark me as a terrorist.

Didn't you see the news for the last few years? Under current UK laws everyone is a terrorist.

Re:Pretty much emotional stageplay

How about I follow each of the MEPs around and write down on a list everyone they speak to, when they speak and where, over the course of 6 months? That would probably mark me as a terrorist.

We already do follow our MPs (and MEPs).
Eye Spy MP

Re:Pretty much emotional stageplay

[tehcyder]

That would probably mark me as a terrorist.

Didn't you see the news for the last few years? Under current UK laws everyone is a terrorist.

Yeah, and there's like this book called 1984 which I just read, and it's a sort of prophecy of what happens in the UK when you let socialists like George Osborne take control.

Its an EU directive

[stiggle]

While the British government might have implemented, the law comes from the EU.
It actually came in last year and websites were given a year grace to enable the features required.
Its that grace period which has expired, not that the law has now suddenly been introduced.

Re:Its an EU directive

[Chrisq]

While the British government might have implemented, the law comes from the EU.

It will be interesting to know if there was much gold plating though.

Re:Its an EU directive

The UK government is very selective about EU laws it wants to obey. Usually the laws a repressive, so the government can say "oh noes, teh evul EU made us do it, honest".

Re:Its an EU directive

[Rogerborg]

I wouldn't expect so, avoiding gold plating (or claiming to) seems to be a particular hobby horse of the current bunch of clown in Westminster.

Anyway, enforcement is what matters, and given the utter contempt in which the toothless watchdogs at the ICO are held by the industry, I doubt they'll be falling over themselves to comply with this latest dictat.

Not confined to UK

The same measures have been installed in Germany two days ago.
I think it's another stupid EU thing obligatory for all countries within the EUSSR.

The law itself is pointless as you don't have to warn if the cookie is necessary for the functionality of the website.
In other words : always needed, never need to warn.

Re:Not confined to UK

The law itself is pointless as you don't have to warn if the cookie is necessary for the functionality of the website.

So login cookies are ok then?

Re:Not confined to UK

[jholyhead]

"you don't have to warn if the cookie is necessary for the functionality of the website."

Not necessarily true, at least in the UK interpretation of the directive. There are some very thin exemptions. That said, logins and stuff are easy - just add boilerplate that says 'By logging in you are blah blah, cookies, blah blah, first born child, blah'

Re:Not confined to UK

Apparently : yes.

Re:Not confined to UK

[bbn]

Yes login cookies are ok. So are cookies for implementing an online webshop and so on.

It is Google and their ad-tracking that is getting run over by this. Good riddance.

Re:Not confined to UK

[Vulch]

Actually, you *do* have to warn and the definition of "necessary" is quite tight. Login cookies are fine providing there has been a warning as the act of logging in then counts as informed consent.

Re:Not confined to UK

[Gonoff]

It is actually a very good idea. You and I might be capable of controlling what tracking cookies we allow. Most people are not.

Re:Not confined to UK

[Anonymous+Brave+Guy]

It is Google and their ad-tracking that is getting run over by this.

FWIW, it seems Google Analytics is relatively sane on this count, in that the technology they use and their current use of the data are (reportedly) not as intrusive as some people assume.

On the other hand, if say Facebook wanted to track people as they surf the web by using cookies connected with content on third party sites, then Facebook and/or the sites that support them could actually be in trouble at this point, even with all the hedging of bets that is going on at the ICO. I suspect it's "Like" buttons and so on that these rules were really aimed at, not genuine analytics genuinely used by sites for their own improvement.

It "might", but it doesn't.

[Gordonjcp]

The British Gov might have more cameras up on street corners than just about anywhere else in the world

It doesn't, though. The whole "eleventy billion cameras in the UK" thing was made up by one of the screaming right-wing tabloids a few years ago, by counting all the CCTV cameras in about a half-mile stretch of the main street of a fairly scummy part of London, and multiplying by the total length of all the roads in the UK. So, the figure is probably accurate *if* you assume that every single road in the UK has lots of off-licenses, bookmakers, cheque cashing centres, "we buy scrap gold" shops the like - but, it isn't. For the figures to be correct, you'd have to have something like one camera every 60 metres or so on *every single road* right down to farm tracks.

Most cities in the UK have no more CCTV than cities in the US - and if you think US cities don't have CCTV then I wonder what you think CCTV cameras look like...

Re:It "might", but it doesn't.

The British Gov might have more cameras up on street corners than just about anywhere else in the world

It doesn't, though. The whole "eleventy billion cameras in the UK" thing was made up by one of the screaming right-wing tabloids a few years ago, by counting all the CCTV cameras in about a half-mile stretch of the main street of a fairly scummy part of London, and multiplying by the total length of all the roads in the UK. So, the figure is probably accurate *if* you assume that every single road in the UK has lots of off-licenses, bookmakers, cheque cashing centres, "we buy scrap gold" shops the like - but, it isn't. For the figures to be correct, you'd have to have something like one camera every 60 metres or so on *every single road* right down to farm tracks.

Most cities in the UK have no more CCTV than cities in the US - and if you think US cities don't have CCTV then I wonder what you think CCTV cameras look like...

Slash-groupthink at its best. This is a group that will argue for hours over each subclause of copyright law, but will never question statements like this. (That and figure out that the UK != England).

Re:It "might", but it doesn't.

Whatever. The cameras shouldn't exist anyway.

Re:It "might", but it doesn't.

And don't forget that it's always "the government", not "a wide array of independent police forces, highway traffic organisations, private shopping centre security outfits, individual shops and property owners".

Re:It "might", but it doesn't.

That's like disputing how many times someone's been ass-raped. The number fucking hardly matters if it's anything greater than zero. But you're the typical bent-over-with-ass-cheeks-spread left-wing euro-trash, so I'm sure you can't understand why everyone wouldn't want to become a good little bitch like you.

Re:It "might", but it doesn't.

Additionally, to all the left-wing trash this site overfloweth with who might say "but some of those cameras are privately owned": If I was a homo getting worked over by my butt-buddy, I would be consenting to the ass-raping. This is just a tad diffferent than if the cops routinely came by and had their way with my bunghole.

Re:It "might", but it doesn't.

[dave420]

Most are privately-owned, and overlooking their premises.

Re:It "might", but it doesn't.

Businesses don't have right to monitor their property?

Keep in mind that in London businesses often own the square of pavement outside their shop and are responsible for keeping it clean - therefore putting up a camera to watch that area is understandable.

Re:It "might", but it doesn't.

Businesses don't have right to monitor their property?

Not when I constantly end up being recorded without my consent. It used to be that I could go outside without fear of being recorded everywhere I went. Not so anymore. Even someone occasionally overhearing you is preferable to this. At least they don't have perfect memories and aren't everywhere at once.

Re:It "might", but it doesn't.

[wonkey_monkey]

Why is it so hard for people to prefix their own opinions (however widely-shared they may be) with "I think..."?

Re:It "might", but it doesn't.

If only I had modpoints for this and the post to which it refers...

I'm tired of this meme. Can we start another eg take the murder rate per square mile in the worst areas of an American city and extrapolate it over the land area of the US? Admittedly it would equate to killing the world's population several times over but what a great headline cliche it would make.

Re:It "might", but it doesn't.

[dave420]

Then don't go in to "public", stay in "private". That's why we have those two words. Do you start to scream when someone gazes at you in passing? Do you go everywhere with a balaclava on because you hate having your visage burned on to retinas wherever you go? It sounds like you're a paranoid nutcase. I'd pay good money to have you monitored by CCTV because you sound like a lunatic.

Re:It "might", but it doesn't.

Thankyou, you have brightened my day with unexpected amusement. Please, show us an "independent police force" that exists in present-day Britain. Show us a "highway traffic organisation" that isn't entirely controlled by government.

By the way, I couldn't care less about CCTV... I just think it's really funny that you imagine that these government-funded organisations are not under central control. Maybe, for you, government is entirely contained within Westminster Palace, and everybody outside, from Broadcasting House to VOSA, from the Home Office to Lambeth Council, are like totally independent, man.

Re:It "might", but it doesn't.

Do you start to scream when someone gazes at you in passing?

It's funny, because right in my comment I hinted at the difference: humans don't have perfect memories, and the same person isn't everywhere at once (the latter applies mainly to government cameras, not private business).

It sounds like you're a paranoid nutcase.

It sounds like you're a troll. Sorry about not conforming to your grand standards, your majesty. I simply don't want to be recorded. While we're name-calling, you're just a corporate shill!

Re:It "might", but it doesn't.

I don't know where you got the 'eleventy billion cameras' thing but Wikipedia (I know but its often accurate) and several other news sites and groups (telegraph etc) describe the UK as having the highest surveillance/CCTV rate per capita of any Western country and perhaps the world. Do you have any link actually debunking this? And since when is privacy the province of the 'screaming right wing'?

Re:It "might", but it doesn't.

[Gordonjcp]

Oh, it's on Wikipedia so it must be true, eh? If there were as many cameras as that then you'd think I'd have actually seen some about.

Really the right-wing are the anti-privacy lot - the previous right-wing government brought in all the really nasty shit about monitoring phones and emails, and the current load of right-wing extremists are just making it worse. But that's what they're all about - high taxes and big government, with lots of expensive public-funded "jobs for the boys" projects.

Re:It "might", but it doesn't.

There are a lot of sources that say that the UK has a lot of cameras perhaps more than any other place in the world not just wikipedia but telegraph and others. http://www.guardian.co.uk/uk/2009/mar/02/westminster-cctv-system-privacy
  You imply that its bunk but offer no evidence other than claiming that someone said there was 11 billion cameras. Also I don't know why you are harping on the 'rightwing'. Nobody here is praising them or claiming they are privacy champions.

Re:It "might", but it doesn't.

Yes, it's not about private cameras when responding to someone's question about businesses monitoring their premises. Paranoid libertarians don't care what you talk about, they respond with their paranoia no matter what.

Re:It "might", but it doesn't.

It's about both. Call me whatever you wish (and assume that I'm a libertarian). Not all of it has to do with paranoia--I simply don't want to be recorded. Is that so difficult to understand? Or would you rather troll?

If it's "paranoid" to you to believe that the government could use private companies to their own advantage, then so be it. There are many examples of corrupt governments: Nazi Germany, China, the USSR, etc. It's human nature. I simply look at history (China isn't even history) and get scared to death of the government having too many opportunities to abuse the average citizen. But people like you ignore human nature and abuses of power.

The government's cameras are unified and therefore are much worse than private cameras, but I still don't care for either one.

Re:It "might", but it doesn't.

[91degrees]

Most of the articles are based off a single report, or other articles that accept this as fact.

Channel 4's Fact Check has looked into it, and largely considered it unverified guess.

Wikipedia mentions 60000 government cameras which may or may not be particularly high since there's nothing to compare it with.

So who do I contact?

[Serif]

So as a concerned UK citizen, which government department(s) should I be writing to, to request that they prosecute themselves for running an illegal website?

Re:So who do I contact?

[lixns21]

The ICO can be contacted for breach of the E privacy directive using https://www.snapsurveys.com/swh/surveylogin.asp?k=133707671186. I would like you to share examples of sites you think are illegal. Ta

Most CCTV cameras are private

and nothing to do with the government. However the gov (in the form of the police) likes to trawl them for evidence. Usually the cameras are found to be not working when the police are the wrong-doers.

Unworkable and a waste of time.

[lixns21]

The whole focus of this has been towards helping people protect their 'privacy'. But look at the implementation on sites and you will know at once that there is no explicit consent. a) They have a pop-up box that allows you to opt out (disappears after 20s) b) There is a link to their 'Cookie page' c) The consent is bundled with other site functionality (i.e. ability to use FB/Twitter with marketing cookies) indirectly forcing users to accept all cookies. Companies are spending thousands of £s on a whole array of solutions since the EU directive and the UK law are still so broad. I think making the non-savvy users aware is the only way forward. At the same time people must realise that the livelihood of hundreds if not thousands of people depends on data gathered from sites.

Re:Unworkable and a waste of time.

[nospam007]

"At the same time people must realise that the livelihood of hundreds if not thousands of people depends on data gathered from sites."

No, I must not.

Re:Unworkable and a waste of time.

[mvdwege]

If your livelihood is based on spying on me and tracking my browsing habits without my consent, you can starve in the streets for all I care.

Re:Unworkable and a waste of time.

No, I must not.

You fucking idiot.

Re:Unworkable and a waste of time.

[multicoregeneral]

You're totally missing the point. This law effects everyone, not just those that are tracking you for profit. It's not even possible to run a web server that doesn't track you with some kind of analytics. It can't be done easily, and you just need to accept that. So you can talk about how much you want your privacy all you like. But at the end of the day, you, and your uneducated, dangerously inept government need to understand that we live in reality, and these things happen.

That said, if the Parliament really cared about this, they would have required browser makers and software makers that produce web servers to disable cookies by default, with a built in notification process, rather than requiring the entire uk internet to change.

Re:Unworkable and a waste of time.

[mvdwege]

It's your choice to set cookies without my consent. All the law requires is that you get my consent, and guess what? Once you do, you can track me all you want; I consented to it, after all.

And you're talking bullshit. There is no technical reason that a website requires analytics.

So why don't you just take your privacy-raping business model and sod right the hell off?

Re:Unworkable and a waste of time.

This is about storing cookies on the user's computer. It says nothing about keeping server logs.

Implied consent is now ok

[beebware]

48 hours before the law came into force, the ICO issued new guidelines at http://www.ico.gov.uk/news/blog/2012/updated-ico-advice-guidance-e-privacy-directive-eu-cookie-law.aspx which basically reads as "If the user's browser accepts cookies, then they agree to the cookies being stored". Making the whole things pretty moot. Why they waited until the "11th hour" to state the obvious is annoying...

Re:Implied consent is now ok

[digitig]

48 hours before the law came into force, the ICO issued new guidelines at http://www.ico.gov.uk/news/blog/2012/updated-ico-advice-guidance-e-privacy-directive-eu-cookie-law.aspx which basically reads as "If the user's browser accepts cookies, then they agree to the cookies being stored". Making the whole things pretty moot. Why they waited until the "11th hour" to state the obvious is annoying...

I can't find that in there. The nearest I can find seems to be "If the user's browser accepts cookies, and the user has a good understanding of what cookies are and how they are used then they agree to the cookies being stored", with the onus being on the site owner to prove that the users have that level of technical knowledge before setting cookies. That would probably be ok for a tech site, but not for a site aimed at the general public. The one site I manage doesn't use cookies, but if I wanted to implement analytics for example then I reckon I'll still need to implement a landing page.

Re:Implied consent is now ok

[davide+marney]

I think he means the following from the website link:

• "Implied consent is a valid form of consent and can be used in the context of compliance with the revised rules on cookies.
• If you are relying on implied consent you need to be satisfied that your users understand that their actions will result in cookies being set. Without this understanding you do not have their informed consent.

Re:Implied consent is now ok

[juliohm]

"and the user has a good understanding of what cookies are and how they are used" That just means anyone without some sort of official academic degree on (like computer science or any IT course) can legally claim in court he has no knowledge of what cookies are or how they are used. If you're not an expert on the technology used, you have no obligation to assess anything about how it works.

Re:Implied consent is now ok

[mrbester]

Quite. There's nothing to see here any more. For implied consent you just need a suitably descriptive privacy policy page, which most sites already have. The 11th hour relaxing means everybody can pretty much carry on as usual

Re:Implied consent is now ok

I think he means this part:

consent may be signified by a subscriber who amends or sets controls on the
internet browser which the subscriber uses or by using another application or
programme to signify consent.

At present, most browser settings are not sophisticated enough for websites to
assume that consent has been given to allow the site to set a cookie. For
consent to be clearly signified by the browser settings it would need to be clear
that subscribers had been prompted to consider their current browser settings
and, had either indicated in some way they were happy with the default, or have
made the decision to change the settings.

Depending on interpretation, it might mean "We're setting the cookies, if you don't like it, go change your browser settings, kthxbai", which none of nontechie users will be bothered to do (just let me watch this cat video, dammit!)

Re:Implied consent is now ok

[digitig]

Quite. There's nothing to see here any more. For implied consent you just need a suitably descriptive privacy policy page which the users pass through before any cookies are set, which most sites don't already have. The 11th hour guidance means things are as bad as was feared.

FTFY

.

More quotes from the guidance:

"It has been suggested that the fact that a visitor has arrived at a webpage should be sufficient evidence that they consent to cookies being set or information being accessed on their device. The key here is that the visitor should understand that this is the case. It is important to note that it would be extremely difficult to demonstrate compliance simply by showing that a user visited a particular site or was served a particular advertisement unless it could also be demonstrated that they were aware this would result in cookies being set. In compliance terms this difficulty arises because although the person setting the cookie may think that there is an inference of consent, without information being given to the user, it is unlikely that they will understand that they are giving any sort of agreement. This remains the case if information is provided to the user but only as part of a privacy notice that is hard to find, difficult to understand or rarely read." ... "Many users will have some general notion that websites and third parties will collect information about how sites are used but it is difficult to take these rather vague notions and assume that all users will have sufficient knowledge to allow the person setting the cookie to infer consent simply because the user’s browser requested the content or the user searched for the service." ... "To rely on implied consent for cookies, then, it is important that the person seeking consent can satisfy themselves that the user’s actions are not only an explicit request for content or services but also an indirect expression of the user’s agreement that in addition to providing such content or services the provider may store or access information on the user’s device. To be confident in this regard the provider must ensure that clear and relevant information is readily available to users explaining what is likely to happen while the user is accessing the site and what choices the user has in terms of controlling what happens."

"Setting cookies before users have had the opportunity to look at the information provided about cookies, and make a choice about those cookies, is likely to lead to compliance problems."

All of which seems to mean I would need to provide a landing page to explain about cookies before taking the user to any pages on which analytics are applied

Re:Implied consent is now ok

[digitig]

I agree -- but that does seem to be what the guidance demands.

Re:Implied consent is now ok

[digitig]

Well, if "most browser settings are not sophisticated enough for websites to assume that consent has been given to allow the site to set a cookie" that means that I can't assume consent has been given for my site to set a cookie, doesn't it? Unless I find out which browsers are sophisticated enough and check for them. Remember the onus of proof is on whoever sets the cookie.

Re:Implied consent is now ok

[MrAngryForNoReason]

All of which seems to mean I would need to provide a landing page to explain about cookies before taking the user to any pages on which analytics are applied

Most of the implementations I have seen so far just land the user on the page, but don't load the analytics javascript. The page has a "Accept cookies read more on our cookie description page" bar across the top and when the user clicks Accept it then loads the javascript. Others just have a bar that states "By continuing to use this website you are consenting to us using cookies to collect non-identifiable analytics" with a link to a cookie policy.

Not actually that crazy

[jcupitt65]

The regulations are not actually as crazy as this story makes them out to be. Here are the latest guidance notes from ICO:

http://www.ico.gov.uk/news/blog/2011/~/media/documents/library/Privacy_and_electronic/Practical_application/guidance_on_the_new_cookies_regulations.ashx (PDF)

Page 10 has a summary table with some examples of banned (ie. explicit permission required) and OK cookies:

ALLOWED

shopping basket cookies
security cookies (banking, session id, etc.)
load balancing track things

BANNED

analytical cookies (eg. count unique users)
advertising, both first and third party
remembering users between sessions for trivial purposes, eg. display a "welcome back" banner

Re:Not actually that crazy

[alexgieg]

analytical cookies (eg. count unique users)

Because God forbid website owners aggregate information for optimization purposes. After all, let's all just pretend IE is everything everyone uses, all our users male, there's no purpose in trying to figure out anything precisely, optimizing for our best wild guesses and/or for whatever industry marketers says is fine, and only evil people engage in this newfangled silliness called "math".

Jokes aside, I predict UK will see a surge in AWStats usage, plus a resurgence of very long URLs (including old-style web bugs with very long URLs).

In short: another idiotic and plainly useless law.

Re:Not actually that crazy

[radio4fan]

I predict UK will see a surge in AWStats usage, plus a resurgence of very long URLs (including old-style web bugs with very long URLs).

This wouldn't get around the law. Non-cookie based tracking is also covered.

The media may call it the 'Cookie law', but the article title's "No tracking law" is more accurate.

Re:Not actually that crazy

This garbage about optimizing the web experience has to end. You want to improve my web experience? Post useful content.

Everything else about tracking is to optimize profits and has nothing to do with me.

Linkbait is not optimization.

Re:Not actually that crazy

[mvdwege]

And God forbid you should actually read the EU directive and the UK law and think instead of jerking your knee.

'Banned' cookies means they are banned if you place them without prior consent.

Mart

The irony

It's ironic having this law in the UK while you can be tracked IRL there nearly everywhere by CCTV cameras that identify your face or your car's plate number.

Re:The irony

[dave420]

No, that is an urban legend, and it reflects very poorly on you when you parrot it, as clearly you have spent no time investigating whether the claim is true or not before regurgitating it as fact.

Re:The irony

It isn't 1984 certainly but the density of cameras is just remarkable in certain areas. The fact is they have those and legislation keeps being pushed which has the 'country's security' in mind, letting anonymity fall away.

Re:The irony

[tehcyder]

No, that is an urban legend, and it reflects very poorly on you when you parrot it, as clearly you have spent no time investigating whether the claim is true or not before regurgitating it as fact.

At least he didn't mention Nineteen Eighty sodding Four.

Re:The irony

[dave420]

The density of cameras? Most are privately owned. I don't see a problem.

Implementations suck too

[Zocalo]

Where sites have actually implemented this new directive, the implementations often suck just as much as the law, which is not particularly surprising given how poorly it's worded. If you have cookies disabled through your default browser policies the end result on many sites where is a permanantly visible prompt to "Click here to read and accept our cookie policy". Yep, that's right. You have to enable cookies to let them set a cookie that says they will not use cookies to track you.

I'm fairly sure that some of these sites realise that you could set a cookie, immediately try to read it back and if that fails assume cookies are blocked skipping the display of the prompt, and either way you remove the cookie. But no, this law is so poorly written it's not totally clear whether even this would be a breach of the legislation or not and clarification has still not been provided, so as usual for the EU the intention might be good, but the implementation leaves a hell of a lot to be desired. In this case, I can see a number of people are going to end up re-enabling cookies just to get rid of the prompts and end up getting tracked by all those sites who don't implement the law because they are outside the EU's jurisdiction and/or just don't care - completely the opposite of the desired effect.

Re:Implementations suck too

If you have cookies disabled through your default browser policies the end result on many sites where is a permanantly visible prompt to "Click here to read and accept our cookie policy". Yep, that's right. You have to enable cookies to let them set a cookie that says they will not use cookies to track you.

Yes, that is what advertisers want us to believe. You realize advertising quite often is not about telling the truth, don't you? In reality (Iceweasel): Edit -> Preferences -> Privacy. First item: "Tell websites I do not want to be tracked"

This results in a HTTP header to be added to your requests indicating you do not want to be tracked. Most major browsers support it, Chrome will later this year.

If website owners or advertisers tell you it will be the kind of mess you describe they are either not aware of what's possible or they're being nasty to their visitors on purpose to push their agenda, which is a very effective way to avoid getting any sympathy from me.

And nobody

gave a flying fuck

s/No/Yes/

It's an opt-out which is mandated. The situation is the same as before, only now the website have to be a little more obvious about what they're doing than they were before.

Other countries, such as the Netherlands, have mandated opt-in. There an actual change is happening.

Madness

So corporations (who are really only interested in selling you more or better products) can't watch or track users accessing their own websites, but the UK government (who are in control of the police, the military, health care, social security, education) get to snoop on ALL of its citizens' communications in real-time and without oversight or due suspicion? Madness. In the long term, know who I'd prefer watching my behavior.

I don't live in the UK, but if I did, I'd be signing this: http://epetitions.direct.gov.uk/petitions/32400 . Doesn't the UK listen to its intellectuals any more? It's unbelievable that Orwell and Huxley have been defeated by the impotent argument of "if you've got nothing to hide, you've got nothing to fear".

Re:Madness

[__Paul__]

Doesn't the UK listen to its intellectuals any more?

You must be new to this planet.

Re:Madness

[tehcyder]

Doesn't the UK listen to its intellectuals

We don't have intellectuals in the UK. We leave that sort of nonsense to the French

Harm Europe economically?

[Geeky]

All this will do is harm European companies at the expense of ones based elsewhere.

I've seen UK based sites start to implement this, but there's no chance that Facebook, Google etc will follow suit - so if the tracking actually does have monetary value, we've just guaranteed that only non-European companies can benefit from it. Woohoo.

Re:Harm Europe economically?

[AmiMoJo]

Facebook and Google will follow suit because they have significant business interests in Europe. They have to comply with local laws to do business here, it is as simple as that.

Re:Harm Europe economically?

[Geeky]

Facebook and Google will follow suit because they have significant business interests in Europe. They have to comply with local laws to do business here, it is as simple as that.

I'm not sure, every article I've read seems to refer to websites based here rather than visible from here. I have yet to see anything that implies the law would be applied to sites hosted elsewhere or by companies based outside of the UK.

Re:Harm Europe economically?

[0123456]

I'm not sure, every article I've read seems to refer to websites based here rather than visible from here. I have yet to see anything that implies the law would be applied to sites hosted elsewhere or by companies based outside of the UK.

Don't forget 'The Cloud'. Last time I tried a traceroute to my web site it appeared to be in Germany... I've no idea where it might be running today.

Re:Harm Europe economically?

[AmiMoJo]

Google and Facebook do host services in Europe. Otherwise latency to the US would be terrible and their sites about as slow as crap like PayPal. Both Google and Facebook have offices in the UK with registered UK subsidiaries.

Look at Microsoft. Fined millions by the EU for breaking competition rules. They are a US company.

Hosted in Britain only or British-owned?

[mallydobb]

What does this mean, if anything, for UK owned sites hosted outside of the Queen's reach?

Re:Hosted in Britain only or British-owned?

If they're British-owned they're subject to the directive.

Re:Hosted in Britain only or British-owned?

[PPH]

The Queen will command her fleet to sail to the country hosting the offending web site and burn their capitol.

The 37%

On page 3 of http://www.ico.gov.uk/news/blog/2011/~/media/documents/library/Privacy_and_electronic/Practical_application/guidance_on_the_new_cookies_regulations.ashx it states that 37% of users don't know how to manage cookies. So, we've got implied consent where 37% of users don't know how to give consent.

Retarded lawmakers.

[hack++slash]

This new law is fucking ludicrus, I generally block all cookies except certain websites, and one of the UK websites I visit has put a pink banner at the top warning about the cookie crap saying I will only see it once, but it relies on cookies to tell wether the banner has already been displayed, meaning it's ALWAYS there because I've blocked cookies on that site.

Who the fuck came up with the idea of using cookies to warn you about the use of cookies?

Re:Retarded lawmakers.

"Cookies! Cookies! Me love cookies!" said the cookie monster.

Re:Retarded lawmakers.

[tehcyder]

I came for a cookie monster comment, and can now leave this thread, contented.

Eat Your Own Dogfood Law

[davide+marney]

FTA, " amusingly even the governments own websites aren't ready." I'd be in favor of an Eat-Your-Own-Dogfood law that stipulates that a) laws that apply to private businesses also apply to the government, and b) no law need be implemented by the private sector until implemented by the government.

Not the politicians

[Kupfernigk]

It is the Civil Service. It has been commented, both by a retiring senior civil servant and an experienced Minister, that the Civil Service is full of people with dumb-as-a-very-dumb-thing ideas. The usual objection is that the proponents assume that everybody is exactly like them, and so once a law is passed people will just automatically obey it, and once an agency is set up it will instantly work perfectly.

Normally these people are kept in warm environments with soft lighting so they can't hurt themselves and cannot be released into the environment because of the damage they would do. But when times are difficult Ministers are looking for good ideas and they get presented with the loony schemes. Inexperienced Ministers - and the current lot are almost all very inexperienced indeed - may get taken in, and so these schemes see the daylight.

Mrs. Thatcher, long may she rot, at least realised that the privatisation of streets and the railways were loony ideas too far. The next Government was inexperienced enough to fall for rail privatisation (unfortunately writing about at least one of the proponents of this here could result in a libel suit).

I do sometimes wonder if, in fact, a number of our Eastern European immigrants are former Stasi members under fake passports who are running the Home Office. But that might be unfair to the Stasi.

Re:Not the politicians

[jc42]

It has been commented, both by a retiring senior civil servant and an experienced Minister, that the Civil Service is full of people with dumb-as-a-very-dumb-thing ideas. The usual objection is that the proponents assume that everybody is exactly like them, and so once a law is passed people will just automatically obey it, and once an agency is set up it will instantly work perfectly.

Yeah, and in this case there's an even worse aspect to the problem: This is a law pertaining to the actions not of people, but of software. All the AI dreaming to the contrary, software doesn't act the least bit like a human mind. The chance of any software being written that satisfies this and other laws will differ only infinitesimally from zero. We have a lot of software people here on /., and they should all be a bit nervous about being held responsible for their software that tries to satisfy this and other laws.

The few passages I've seen quoted from this UK law make it pretty clear to me that there's no way I could possibly implement it correctly, in any of the dozen or so programming languages that I know well. This is because it's written in a mixture of legalese and bureaucratese, which are languages that I know well enough to know that I don't stand a chance of interpreting them well enough to do the job correctly. (And having them explained by the typical B-school graduate isn't going to help me do the job correctly, either. ;-)

Do they use the word "cookies"

[juliohm]

Creating laws specific to the technology at hand seems like a complete nonsense to me. Today we use cookies in plain text headers of HTTP. Who knows what's going to be used as a standard in the future! If they use something else other than cookies, then it's OK to be tracked according to this law?

Re:Do they use the word "cookies"

Short answer: No, the legislation is better than that, and the ICO's guidance better still.

Don't blame EU, here's the directive

Unless I'm mistaken, the relevany EU document is this and the relevant paragraph is:

Third parties may wish to store information on the equipment of a user, or gain access to information already stored, for a number of purposes, ranging from the legitimate (such as certain types of cookies) to those involving unwarranted intrusion into the private sphere (such as spyware or viruses). It is therefore of paramount importance that users be provided with clear and comprehensive information when engaging in any activity which could result in such storage or gaining of access. The methods of providing information and offering the right to refuse should be as user-friendly as possible. Exceptions to the obligation to provide information and offer the right to refuse should be limited to those situations where the technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user. Where it is technically possible and effective, in accordance with the relevant provisions of Directive 95/46/EC, the user’s consent to processing may be expressed by using the appropriate settings of a browser or other application. The enforcement of these requirements should be made more effective by way of enhanced powers granted to the relevant national authorities.

In other words, the directive says that when a service tracks users, it should provide clear and comprehensive information about that in as user-friendly way as possible... And specifically says that methods such as users being able to select this in browser settings are fine... and that you don't need to explicitly tell them that you track them the way they expect such a service would track them.

Not sure if even that

The directive specifically says that user choosing this kind of things in browser settings is fine. Google respects the "don't track me" thing that browsers enable. Aside from that, I'm not sure that they need to do anything else.

SettingsPrivacyAccept Cookies

[mshenrick]

If you care enough to lobby the government, you care nough to be able to find out how to disable cookies on your browser. Do I have to inform users that Apache saves logs?

lack of actual THINKING??

[RobertLTux]

most folks don't say "I think ...." simply because they are not in the practice of actually thinking.

if you saw a 2 foot high neon sign on a store stating "Everything Yogurt & Salad Cafe" would you think the place had icecream??

the number one question asked when i had that job: "Y'all have Icecream???"

Re:lack of actual THINKING??

Right. If you did a bit of thinking, you would realize that the reason they asked was because they couldn't tell from the name. If they wanted a yogurt, they would just have said "one yogurt plz". Since they weren't sure if you had ice cream, they had to ask.

Now, if you were actually smart, and there really were that many people wanting ice cream, you'd just have gone to Walmart and bought a tub for $2 and then resold it at $2 per scoop.

Sweden is way ahead of you

[pEBDr]

In Sweden, we've had this law (in Sweden called Lagen om Elektronisk Kommunikation, LEK, the Law of Electronic Communication) for almost 9 years, more specifically since 25th of July 2003. When it was introduced, neither the government nor the police met the demands set by the law, and they were immediately facetiously reported to the police for it by a number of "concerned citizens", but they weren't charged. After a couple of months they'd implemented the necessary information on their web sites. I haven't heard of anyone having problems with the law (nor of anyone actually following it except the very large web sites), so probably the case law is quite reasonable.

The clueless leading the clueless

How on God's green Earth can the UK govt. expect to enforce this? Most (or at least many) of the sites UK citizens visit are not based in the UK. Do they expect EVERYONE to adhere to there laws and regulations in this regard? What maroons!

That's because...

[multicoregeneral]

Nobody's really sure what they meant when they wrote it. The wording doesn't make sense. Web developers don't have the legal background to understand it, and lawyers don't have the technical background to know what it's about. If my reading of it is correct, it requires an entirely new server architecture because apache cares way too much what's going on. At work, the head of legal couldn't tell me what kind of cookies are covered either. He said to "air on the side of caution" and remove all cookies. I explained to him what that means, and he said "I think it's just for e-commerce sites anyway." I truly hope that they don't try to make an example of us. We're huge, and we do a lot of business in the UK. And we're totally un-fucking-prepared.

Re:That's because...

... He said to "air on the side of caution" ...

The word is "err", not "air".

Can we get...

a little editing here?

.... or is it?

http://www.guardian.co.uk/technology/2012/may/26/cookies-law-changed-implied-consent

Central control

[Tim+Ward]

My council's CCTV system is most certainly under our control and not under any central control. The police do have appropriate access to it, but with council staff (who are more directly subject to democratic accountability than the police) as gatekeepers.

We could close the system down tomorrow if we wanted to, with no need to consult any "central control". It wouldn't do us any good at the next election, of course, as the punters like the cameras and keep asking for more.

Re:Central control

But you're part of the government, so those cameras are ultimately controlled by the government.

Sorry, but it really isn't more complicated than that. It's laughable to suggest that a local council is independent. Are you able to secede, declare independence, establish your own borders and armed forces, and reject the authority of Brussels and Westminster? Of course not! All of your assets - absolutely all of them - are ultimately under the control of central government. Including your CCTV cameras.

Re:Central control

[Kalriath]

That's simply not true, and never has been. I live in New Zealand, which is a British territory, and we operate in a similar manner - there is local government, and central government. Local government can set bylaws, own stuff, provide services, whatever. They are not in any way shape or form accountable to central government, short of being bound by law - there is no central control whatsoever. In fact, our central government is currently in the middle of a scrap with our city councils (local authorities) because the right wing government is demanding that the left wing councils privatise all their assets to cover their expenses, and the councils are refusing, instead demanding the government stop funneling money to a civil construction firm spending billions on highways to nowhere.

Re:Central control

So apart from being dependent on national government, they're independent? Right....

You will find that the "right-wing government" can get its way with the local governments if it really wants to. Maybe it is not really trying? I'm sure that a "right-wing government" headed by, say, Mussolini or Franco would make short work of your council.

Re:Central control

[Kalriath]

Unlikely. My city is literally half the country, and a force to be reckoned with. And no, cities aren't dependent on the government except insofar as they all claw back (in the form of government loans, would you believe it) tax money to cover infrastructure. Our city is half the country but gets far less than half the tax take. But no, the central government does not have absolute control, and in fact is virtually gutted in power compared to local authorities. Central government can control things like whether something is illegal or not, and the assets under its' direct control (the national airline, 3 of 4 power companies, the rail network) but has no control over local government assets (the country's ports, the larger airport, swathes of pensioner housing, the train companies, etc).

Blatantly false

It's not even possible to run a web server that doesn't track you with some kind of analytics.

It is trivial to run a web server without tracking. I click the “Web Sharing” check box in the Sharing preference pane. Done. I am now running a web server without tracking.

Mac OS X uses Apache as its web server. So it must be possible to configure Apache not to do tracking.

Re:Blatantly false

[Kalriath]

Have a look in /var/log sometime. Holy crap tracking data!

Session cookies are fine

[Richard_J_N]

* It's reasonably clear (from most guidelines) that session cookies are fine, (because they are essential to functionality). Furthermore, implict consent is given by the act of logging in,

* Long term preference cookies "remember my name and my customisations" are also OK, though it's usually good practice to notfiy the user (the T&C is sufficient for this).

* Analytics cookies (eg Google Analytics) really should be covered by the directive, but basically aren't.

* Evil (cross site advertiser tracking cookies) ought to be exterminated...but these ones can simply be consented into, without really understanding.

Tracking the non-trackables

To be sure that you aren't being tracked, we need to make a database to contain all those who don't want to be tracked.

Just for your convenience of course (and ours as well).

sucks to be you

Time for the brits to vote all those mental retards out of office if they can, oh wait they can't.

learn how to setup your browser

[MadMaverick9]

you don't need some govt to tell ( companies | you ) what ( they | you ) can or can not do.

NO - you, the user, need to learn how to properly setup and use your browser.

Cookie-Whitelist in Mozilla Firefox setting up a cookie whitelist in Firefox requires no add-ons. It uses default functionality present in Firefox.