UK "No Tracking Law" Now In Effect

← Back to Stories (view on slashdot.org)

UK "No Tracking Law" Now In Effect

Posted by samzenpus on Sunday May 27, 2012 @09:05PM from the no-cookies-for-you dept.

Fluffeh writes "The British Gov might have more cameras up on street corners than just about anywhere else in the world, but it seems that the Gov doesn't want anyone else stepping on the privacy of their folks. In what the media have dubbed the 'Cookie Law' all operators of websites in Britain must notify users of the tracking that the website does. This doesn't only cover cookies, but all forms of tracking and analytics performed on visitors. While there are potential fines up up to 500,000 pounds (Over US$750,000) for websites not following these new rules, the BBC announced that very few websites are ready, even most of its own sites aren't up to speed — and amusingly even the governments own websites aren't ready."

39 of 208 comments (clear)

Min score:

Reason:

Sort:

do as I say, not as I do. by Nyder · 2012-05-27 21:09 · Score: 4, Insightful

Been hearing this my whole life.

--
Be seeing you...
1. Re:do as I say, not as I do. by Anonymous Coward · 2012-05-27 21:15 · Score: 4, Funny
  
  You have the voice of god in your head!
2. Re:do as I say, not as I do. by Splab · 2012-05-28 00:10 · Score: 3, Insightful
  
  Silly to post something like this when European obviously aren't around to debunk the crap in TFA.
  It's not about the British Government not wanting others to snoop on their citizens; the no cookie law is a European mandate and all member nations are required to implement it within the next few years.
  And yes, most sites are going to have some real trouble implementing this.
3. Re:do as I say, not as I do. by DrXym · 2012-05-28 01:00 · Score: 3, Informative
  
  It's not too hard to conform with the rules. It mainly involves getting user consent before issuing tracking cookies. i.e. a web filter might test for a user-has-consented-to-tracking cookie and redirect them to an informational page explaining what cookies or data is stored on the user's machine and what it does. If they click OK then the user-has-consented-to-tracking cookie is set and it's business as usual.
  Cookies to do with security, checkout baskets etc. are largely exempt. The law is to control analytics cookies from advertisers, sites that remember users and so forth.
  A bigger issue is this law is going to be hideously hard to enforce, there are plenty of edge cases to consider (such that the guidelines are 30 pages long) and at the end of the day it's not really doing much for the user. I think it would have been better to oblige EU sites under law to honour a "do not track" cookie sent by the browser with various levels of privacy control.
4. Re:do as I say, not as I do. by Impy+the+Impiuos+Imp · 2012-05-28 01:38 · Score: 2
  
  So nobody gets to observe you intrusively and in detail...except the one entity proven to be vastly the most harmful to human existence, as shown by actual historical evidence. Indeed, the vast bulk of history is this evidence itself.
  Also as learned from history, nobody learns from history.
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
5. Re:do as I say, not as I do. by multicoregeneral · 2012-05-28 03:00 · Score: 2
  
  Is that what they call it now? I always called him bob.
  
  --
  This signature intentionally left blank.
You maniacs! You blew it up! by jholyhead · 2012-05-27 21:14 · Score: 5, Insightful

This is another example of what happens when you let computer illiterate politicians have a say in technology regulations

To be fair, the ICO has proven itself utterly inept when it comes to enforcing its own regulations - I can't see them doing any better with this idiocy.
1. Re:You maniacs! You blew it up! by bbn · 2012-05-27 21:51 · Score: 3, Interesting
  
  Why is killing ad-tracking "blowing it up"? Are you sure it is not you that is illiterate? Try reading up on the subject...
  They did not ban cookies. They are banning tracking. Not the same thing.
  Cookies are ok when necessary for the functionality of the website. Login cookies, webhops and so on are all ok.
2. Re:You maniacs! You blew it up! by Anonymous Coward · 2012-05-27 22:42 · Score: 5, Informative
  
  They are not banning anything. They are requiring notifying user about tracking. Not the same thing.
  If this means that every site just shows something like "We use cookies to give you best experience and provide relevant advertising. We also use few analytics scripts", people will simply start ignoring it just like they're clicking through EULAs now. After that, websites could even easily get people to consent to "... and also we'll watch you while you touch yourself. Here, we warned you" - most won't even notice.
3. Re:You maniacs! You blew it up! by Anonymous+Brave+Guy · 2012-05-28 00:25 · Score: 4, Interesting
  
  People need to actively accept that you are tracking them. Just showing such text somewhere is not enough.
  Actually, the ICO seems to have pulled a complete U-turn with 48 hours to go, and now says that implied consent can be enough.
  Whether that will stand up to the seemingly inevitable legal challenge in the European courts remains to be seen, but I suspect even the ICO think this is a dumb law behind the scenes, and their language has been softening substantially in recent weeks relative to their early advice.
  
  --
  If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
4. Re:You maniacs! You blew it up! by 1s44c · 2012-05-28 00:26 · Score: 3, Insightful
  
  Fascists don't want money, they want power. Money will just turn up as offerings from servants. The fascist dream is an abhorrent crime with a heavy punishment that everyone is guilty of.
  Anytime you don't seem subservient enough they lock you up for this crime whilst ignoring everyone else who did nothing to get their attention.
  1984 called it 'thought-crime'. The UK government recently re-branded it 'terrorism' and removed the requirement to have any evidence whatsoever. Maybe they want to expand their list of criminals to everyone with a website.
5. Re:You maniacs! You blew it up! by bbn · 2012-05-28 00:53 · Score: 2
  
  They are confused. It is not possible to tell the user and at the same time not tell the user. It is very clear what you have to tell the user BEFORE setting any cookies, implied or not. So you need a landing page either way.
  The problem with Google Analytics is that Google is not telling what they are going to use the data for. You can not tell the user what you do not know yourself. So it is impossible to use Google Analytics until Google change their ways.
6. Re:You maniacs! You blew it up! by bbn · 2012-05-28 01:12 · Score: 3, Interesting
  
  ICO are clearly morons. They write this about their use of Google Analytics:
  "These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited."
  I am sure this is all correct. But what about _Google_?! What are THEY using the data for? This is also the responsibility of the site owner (ICO).
  The fact that the government is breaking the law does not change the law.
  The danish government is a bit more knowledgeable. The danish version of these rules are very clear and easy to understand and there is no implied consent bullshit. And I think the UK version does not have implied consent either in the actual law.
WIll be very fun to see Gizmodo.co.uk warn... by Anonymous Coward · 2012-05-27 21:14 · Score: 4, Interesting

because atm, ghostery reports 10 diffrent tracking entities.
Pretty much emotional stageplay by Anonymous Coward · 2012-05-27 21:19 · Score: 3, Insightful

At the same time as this happens across all of Europe, they roll out INDECT and the Data Retention Directive.
How about I follow each of the MEPs around and write down on a list everyone they speak to, when they speak and where, over the course of 6 months? That would probably mark me as a terrorist.
Re:Idiots by Anonymous Coward · 2012-05-27 21:20 · Score: 5, Funny

It's true, Europe is the worst country in the world.
Its an EU directive by stiggle · 2012-05-27 21:20 · Score: 5, Informative

While the British government might have implemented, the law comes from the EU.
It actually came in last year and websites were given a year grace to enable the features required.
Its that grace period which has expired, not that the law has now suddenly been introduced.
It "might", but it doesn't. by Gordonjcp · 2012-05-27 21:30 · Score: 5, Informative

The British Gov might have more cameras up on street corners than just about anywhere else in the world
It doesn't, though. The whole "eleventy billion cameras in the UK" thing was made up by one of the screaming right-wing tabloids a few years ago, by counting all the CCTV cameras in about a half-mile stretch of the main street of a fairly scummy part of London, and multiplying by the total length of all the roads in the UK. So, the figure is probably accurate *if* you assume that every single road in the UK has lots of off-licenses, bookmakers, cheque cashing centres, "we buy scrap gold" shops the like - but, it isn't. For the figures to be correct, you'd have to have something like one camera every 60 metres or so on *every single road* right down to farm tracks.
Most cities in the UK have no more CCTV than cities in the US - and if you think US cities don't have CCTV then I wonder what you think CCTV cameras look like...
1. Re:It "might", but it doesn't. by Anonymous Coward · 2012-05-27 21:52 · Score: 4, Insightful
  
  The British Gov might have more cameras up on street corners than just about anywhere else in the world
  It doesn't, though. The whole "eleventy billion cameras in the UK" thing was made up by one of the screaming right-wing tabloids a few years ago, by counting all the CCTV cameras in about a half-mile stretch of the main street of a fairly scummy part of London, and multiplying by the total length of all the roads in the UK. So, the figure is probably accurate *if* you assume that every single road in the UK has lots of off-licenses, bookmakers, cheque cashing centres, "we buy scrap gold" shops the like - but, it isn't. For the figures to be correct, you'd have to have something like one camera every 60 metres or so on *every single road* right down to farm tracks.
  Most cities in the UK have no more CCTV than cities in the US - and if you think US cities don't have CCTV then I wonder what you think CCTV cameras look like...
  Slash-groupthink at its best. This is a group that will argue for hours over each subclause of copyright law, but will never question statements like this. (That and figure out that the UK != England).
2. Re:It "might", but it doesn't. by dave420 · 2012-05-27 22:53 · Score: 2
  
  Most are privately-owned, and overlooking their premises.
3. Re:It "might", but it doesn't. by wonkey_monkey · 2012-05-28 00:14 · Score: 2
  
  Why is it so hard for people to prefix their own opinions (however widely-shared they may be) with "I think..."?
  
  --
  systemd is Roko's Basilisk.
Re:Not confined to UK by jholyhead · 2012-05-27 21:46 · Score: 2

"you don't have to warn if the cookie is necessary for the functionality of the website."

Not necessarily true, at least in the UK interpretation of the directive. There are some very thin exemptions. That said, logins and stuff are easy - just add boilerplate that says 'By logging in you are blah blah, cookies, blah blah, first born child, blah'
Re:Not confined to UK by Vulch · 2012-05-27 21:48 · Score: 2

Actually, you *do* have to warn and the definition of "necessary" is quite tight. Login cookies are fine providing there has been a warning as the act of logging in then counts as informed consent.
Implied consent is now ok by beebware · 2012-05-27 21:50 · Score: 5, Informative

48 hours before the law came into force, the ICO issued new guidelines at http://www.ico.gov.uk/news/blog/2012/updated-ico-advice-guidance-e-privacy-directive-eu-cookie-law.aspx which basically reads as "If the user's browser accepts cookies, then they agree to the cookies being stored". Making the whole things pretty moot. Why they waited until the "11th hour" to state the obvious is annoying...
1. Re:Implied consent is now ok by digitig · 2012-05-27 22:32 · Score: 4, Informative
  
  48 hours before the law came into force, the ICO issued new guidelines at http://www.ico.gov.uk/news/blog/2012/updated-ico-advice-guidance-e-privacy-directive-eu-cookie-law.aspx which basically reads as "If the user's browser accepts cookies, then they agree to the cookies being stored". Making the whole things pretty moot. Why they waited until the "11th hour" to state the obvious is annoying...
  I can't find that in there. The nearest I can find seems to be "If the user's browser accepts cookies, and the user has a good understanding of what cookies are and how they are used then they agree to the cookies being stored", with the onus being on the site owner to prove that the users have that level of technical knowledge before setting cookies. That would probably be ok for a tech site, but not for a site aimed at the general public. The one site I manage doesn't use cookies, but if I wanted to implement analytics for example then I reckon I'll still need to implement a landing page.
  
  --
  Quidnam Latine loqui modo coepi?
Not actually that crazy by jcupitt65 · 2012-05-27 21:59 · Score: 5, Informative

The regulations are not actually as crazy as this story makes them out to be. Here are the latest guidance notes from ICO:
http://www.ico.gov.uk/news/blog/2011/~/media/documents/library/Privacy_and_electronic/Practical_application/guidance_on_the_new_cookies_regulations.ashx (PDF)
Page 10 has a summary table with some examples of banned (ie. explicit permission required) and OK cookies:

ALLOWED
shopping basket cookies
security cookies (banking, session id, etc.)
load balancing track things
BANNED
analytical cookies (eg. count unique users)
advertising, both first and third party
remembering users between sessions for trivial purposes, eg. display a "welcome back" banner
1. Re:Not actually that crazy by radio4fan · 2012-05-28 00:18 · Score: 2
  
  I predict UK will see a surge in AWStats usage, plus a resurgence of very long URLs (including old-style web bugs with very long URLs).
  This wouldn't get around the law. Non-cookie based tracking is also covered.
  The media may call it the 'Cookie law', but the article title's "No tracking law" is more accurate.
Implementations suck too by Zocalo · 2012-05-27 22:17 · Score: 2

Where sites have actually implemented this new directive, the implementations often suck just as much as the law, which is not particularly surprising given how poorly it's worded. If you have cookies disabled through your default browser policies the end result on many sites where is a permanantly visible prompt to "Click here to read and accept our cookie policy". Yep, that's right. You have to enable cookies to let them set a cookie that says they will not use cookies to track you.

I'm fairly sure that some of these sites realise that you could set a cookie, immediately try to read it back and if that fails assume cookies are blocked skipping the display of the prompt, and either way you remove the cookie. But no, this law is so poorly written it's not totally clear whether even this would be a breach of the legislation or not and clarification has still not been provided, so as usual for the EU the intention might be good, but the implementation leaves a hell of a lot to be desired. In this case, I can see a number of people are going to end up re-enabling cookies just to get rid of the prompts and end up getting tracked by all those sites who don't implement the law because they are outside the EU's jurisdiction and/or just don't care - completely the opposite of the desired effect.

--
UNIX? They're not even circumcised! Savages!
Re:Unworkable and a waste of time. by nospam007 · 2012-05-27 22:31 · Score: 2

"At the same time people must realise that the livelihood of hundreds if not thousands of people depends on data gathered from sites."
No, I must not.
Harm Europe economically? by Geeky · 2012-05-27 22:53 · Score: 4, Interesting

All this will do is harm European companies at the expense of ones based elsewhere.
I've seen UK based sites start to implement this, but there's no chance that Facebook, Google etc will follow suit - so if the tracking actually does have monetary value, we've just guaranteed that only non-European companies can benefit from it. Woohoo.

--
Sigs are so 1990s. No way would I be seen dead with one.
1. Re:Harm Europe economically? by AmiMoJo · 2012-05-28 00:08 · Score: 2
  
  Facebook and Google will follow suit because they have significant business interests in Europe. They have to comply with local laws to do business here, it is as simple as that.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Re:Idiots by Anonymous Coward · 2012-05-27 23:41 · Score: 4, Insightful

Membership in the EU or the EEC is not the same thing as membership in the Euro (i.e. the currency). The UK is very much part of the EU despite not using the Euro.
captcha: "informs"
Fancy that.
Retarded lawmakers. by hack++slash · 2012-05-27 23:42 · Score: 3, Funny

This new law is fucking ludicrus, I generally block all cookies except certain websites, and one of the UK websites I visit has put a pink banner at the top warning about the cookie crap saying I will only see it once, but it relies on cookies to tell wether the banner has already been displayed, meaning it's ALWAYS there because I've blocked cookies on that site.

Who the fuck came up with the idea of using cookies to warn you about the use of cookies?

--
To do something right, you often have to roll up your sleeves and get busy.
1. Re:Retarded lawmakers. by tehcyder · 2012-05-28 02:07 · Score: 2
  
  I came for a cookie monster comment, and can now leave this thread, contented.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
Re:Idiots by jones_supa · 2012-05-27 23:43 · Score: 3, Insightful

Then by all logic, ain't you in part fault for that by leaving?
Re:Not confined to UK by Gonoff · 2012-05-27 23:54 · Score: 2

It is actually a very good idea. You and I might be capable of controlling what tracking cookies we allow. Most people are not.

--
I'll see your Constitution and raise you a Queen.
Eat Your Own Dogfood Law by davide+marney · 2012-05-27 23:58 · Score: 2

FTA, " amusingly even the governments own websites aren't ready." I'd be in favor of an Eat-Your-Own-Dogfood law that stipulates that a) laws that apply to private businesses also apply to the government, and b) no law need be implemented by the private sector until implemented by the government.

--
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
Not the politicians by Kupfernigk · 2012-05-28 00:07 · Score: 2

It is the Civil Service. It has been commented, both by a retiring senior civil servant and an experienced Minister, that the Civil Service is full of people with dumb-as-a-very-dumb-thing ideas. The usual objection is that the proponents assume that everybody is exactly like them, and so once a law is passed people will just automatically obey it, and once an agency is set up it will instantly work perfectly.
Normally these people are kept in warm environments with soft lighting so they can't hurt themselves and cannot be released into the environment because of the damage they would do. But when times are difficult Ministers are looking for good ideas and they get presented with the loony schemes. Inexperienced Ministers - and the current lot are almost all very inexperienced indeed - may get taken in, and so these schemes see the daylight.
Mrs. Thatcher, long may she rot, at least realised that the privatisation of streets and the railways were loony ideas too far. The next Government was inexperienced enough to fall for rail privatisation (unfortunately writing about at least one of the proponents of this here could result in a libel suit).
I do sometimes wonder if, in fact, a number of our Eastern European immigrants are former Stasi members under fake passports who are running the Home Office. But that might be unfair to the Stasi.

--
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
Re:Idiots by Impy+the+Impiuos+Imp · 2012-05-28 01:40 · Score: 2

> Doesn't even matter if the shit happened in
> Hungarian and you live in Norway, you somehow
> want to take credit.
I think you mean "...and you live in Norwegian..."

--
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.